Bump the npm_and_yarn group across 1 directory with 43 updates

[dependabot]

Bumps the npm_and_yarn group with 26 updates in the / directory:

Package	From	To
webpack-dev-server	2.9.1	3.1.11
browserify-sign	4.0.4	4.2.3
chownr	1.0.1	1.1.4
david	11.0.0	11.1.0
ejs	2.5.7	removed
size-limit	0.11.6	11.1.2
elliptic	6.4.0	6.5.5
handlebars	4.0.10	4.7.8
loader-utils	1.1.0	1.4.2
html-webpack-plugin	2.30.1	5.6.0
postcss	5.2.18	8.4.38
css-loader	0.28.7	7.1.1
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
lodash	4.17.4	4.17.21
ini	1.3.4	1.3.8
stringstream	0.0.5	0.0.6
got	6.7.1	removed
david	11.1.0	11.1.1
deep-extend	0.4.1	0.6.0
rc	1.1.7	1.2.8
rc	1.2.1	1.2.8
https-proxy-agent	1.0.0	2.2.4
nsp	2.8.1	3.2.1
pathval	1.1.0	1.1.1
randomatic	1.1.7	3.1.1
fill-range	2.2.3	2.2.4
y18n	3.2.1	3.2.2

Updates webpack-dev-server from 2.9.1 to 3.1.11

Release notes

Sourced from webpack-dev-server's releases.

v3.1.11

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

v3.1.10

2018-10-23

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

v3.1.9

No release notes provided.

v3.1.8

2018-09-06

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

v3.1.7

2018-08-29

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

v3.1.6

2018-08-26

Bug Fixes

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

... (truncated)

Commits

• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection (#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
• 7a3a257 fix(package): update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
• 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
• 55398b5 fix(bin/options): correct check for color support (options.color) (#1555)
• 927a2b3 fix(Server): correct node version checks (#1543)
• fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
• fe3219f chore(release): 3.1.10
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

• bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

• switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates chownr from 1.0.1 to 1.1.4

Commits

• 814f642 1.1.4
• a0d7ae0 push to github before npm
• 1a3667a ignore stuff
• 147eac4 Full tests, handle errors properly in many cases
• 578fb9f update tap, fix rimraf version
• 5bbda8c feat: ignore ENOENT errors during chown
• deaa058 1.1.3
• 190e311 Don't early-capture the fs.lchownSync method
• df2826a push to git with 1 command, not 2
• cf3b27b 1.1.2
• Additional commits viewable in compare view

Updates david from 11.0.0 to 11.1.0

Changelog

Sourced from david's changelog.

Changelog

The format is based on Keep a Changelog.

Commits

• 73fc671 11.1.0
• 8497cae chore: update dependencies
• a198ada feat: ignore dependencies via globs (#144)
• c29013f chore: update deps and README (#154)
• 008beaf Merge pull request #146 from DanielRuf/chore/cache-node-modules
• d0a2e19 Merge branch 'master' into chore/cache-node-modules
• d180e8d Merge pull request #147 from DanielRuf/chore/add-nodejs-8-10
• cc5db9f Merge pull request #145 from DanielRuf/chore/clone-last-5-commits
• 9aeda4e chore: cache node_modules
• d4bf0e6 chore: clone last 5 commits
• Additional commits viewable in compare view

Updates dns-packet from 1.2.2 to 1.3.4

Commits

• ebdf849 1.3.4
• ac57872 move all allocUnsafes to allocs for easier maintenance
• c64c950 1.3.3
• 0598ba1 fix .. in encodingLength
• 010aedb 1.3.2
• 0d0d593 backport encodingLength fix to v1
• 7f35bac 1.3.1
• 3632f18 add .eslintrc, fix issues
• 81d4a96 Merge pull request #19 from pusateri/eslint
• 5228547 Fix some glaring issues reported by eslint.
• Additional commits viewable in compare view

Removes ejs

Updates size-limit from 0.11.6 to 11.1.2

Release notes

Sourced from size-limit's releases.

11.1.2

• Fixed CSS support in esbuild plugin (by @​just-boris).

11.1.1

• Fixed Windows support (by @​aryaemami59).

11.1.0

• Added TypeScript support for config (by @​aryaemami59).
• Fixed webpack-why regression (by @​hoo00nn).

11.0.3

• Fixed .mjs config support (by @​aryaemami59).
• Updated esbuild.

Changelog

Sourced from size-limit's changelog.

11.1.2

• Fixed CSS support in esbuild plugin (by @​just-boris).

11.1.1

• Fixed Windows support (by @​aryaemami59).

11.1.0

• Added TypeScript support for config (by @​aryaemami59).
• Fixed webpack-why regression (by @​hoo00nn).

11.0.3

• Fixed .mjs config support (by Arya Emami).
• Updated esbuild.

11.0.2

• Fixed require is not defined regression.
• Updated esbuild-visualizer.

11.0.1

• Updated estimo.
• Updated lilconfig.

11.0

• Moved to Brotli as default compression. Use gzip: true for old behavior.

10.0.3

• Fixed third-party plugins support (by @​JounQin).
• Fixed Windows support (by @​JounQin).

10.0.2

• Fixed require is not defined in webpack-css (by Andrey Medvedev).
• Fixed webpack config defined as function support (by @​lev875).

10.0.1

• Fixed imports and exports between packages.

10.0

• Removed @size-limit/dual-publish plugin.
• Moved projects to ESM (by @​lev875). Size Limit still can be used as CLI in CJS projects.
• Updated globby dependency.

9.0

• Remove Node.js 14 and 16 support.
• Moved to React from CDN for time plugin (by Aakansha Doshi).

8.2.6

• Fixed npm release process.

8.2.5

... (truncated)

Commits

• 9678264 Release 11.1.2 version
• 85a0d1d Update dependencies
• ed7b9ab Support css content in esbuild plugin (#361)
• 2d063b9 Release 11.1.1 version
• bf49080 Update dependencies
• 1d07215 Fix config file path resolution on windows (#359)
• 20ba5da Release 11.1 version
• 388845b Add TS docs
• b36e823 Add support for TypeScript config files (.size-limit.ts, .size-limit.mts,...
• 4ffac80 Fix ensure compatibility with ES and CommonJS module systems for StatoscopeWe...
• Additional commits viewable in compare view

Updates elliptic from 6.4.0 to 6.5.5

Commits

• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
• 8647803 6.5.3
• 856fe4d signature: prevent malleability and overflows
• Additional commits viewable in compare view

Updates eventsource from 0.1.6 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2

• Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

• Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0

• Improve performance for large messages across many chunks (#130 Trent Willis)
• Add createConnection option for http or https requests (#120 Vasily Lavrov)
• Support HTTP 302 redirects (#116 Ryan Bonte)
• Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
• Add new to correct test (#111 Stéphane Alnet)
• Fix reconnections attempts now happen more than once (#136 Icy Fish)

1.0.7

• Add dispatchEvent to EventSource (#101 Ali Afroozeh)
• Added checkServerIdentity option (#104 cintolas)
• Surface request error message (#107 RasPhilCo)

1.0.6

• Fix issue where a unicode sequence split in two chunks would lead to invalid messages (#108 Espen Hovlandsdal)
• Change example to use eventsource/ssestream (Aslak Hellesøy)

1.0.5

• Check for window existing before polyfilling. (#80 Neftaly Hernandez)

1.0.4

• Pass withCredentials on to the XHR. (#79 Ken Mayer)

1.0.2

• Fix proxy not working when proxy and target URL uses different protocols. (#76 Espen Hovlandsdal)
• Make close() a prototype method instead of an instance method. (#77 Espen Hovlandsdal)

1.0.1

• Reconnect if server responds with HTTP 500, 502, 503 or 504. (#74 Vykintas Narmontas)

1.0.0

• Add missing removeEventListener-method. (#51 Yucheng Tu / Espen Hovlandsdal)
• Fix EventSource reconnecting on non-200 responses. (af84476 Espen Hovlandsdal)
• Add ability to customize https options. (#53 Rafael Alfaro)

... (truncated)

Commits

• 0a8b85b 1.1.2
• f99ae66 docs: update history for 1.1.2
• 06c9721 chore: rebuild polyfill
• 9494642 fix: inline origin resolution, drop original dependency (#281)
• aa7a408 1.1.1
• 56d489e chore: rebuild polyfill
• 4a951e5 docs: update history for 1.1.1
• f9f6416 fix: strip sensitive headers on redirect to different origin
• 9dd0687 1.1.0
• 49497ba Update history for 1.1.0 (#146)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rexxars, a new releaser for eventsource since your current version.

Updates express from 4.16.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.0.0 to 1.2.5

Release notes

Sourced from follow-redirects's releases.

v1.2.5

No release notes provided.

v1.2.4

No release notes provided.

v1.2.3

No release notes provided.

v1.2.2

No release notes provided.

v1.2.1

No release notes provided.

v1.2.0

No release notes provided.

v1.1.0

Add support for request bodies to redirected requests.

Fixes #35, #40.

Commits

• be81edd Release version 1.2.5 of the npm package.
• e2b3ef4 Merge pull request #69 from modosc/patch-1
• f8a6752 update debug dep because of security issue
• 1adedf1 Indent package.json and .travis.yml with spaces.
• 3d81c45 Test on all versions of Node.js.
• c3770de Release version 1.2.4 of the npm package.
• c159f6d Fix write after end.
• 8c11a9f Ensure completeness of responseUrl.
• 4b804de Reuse protocol variable.
• 0f0cd9a List supported Node.js version in package.json.
• Additional commits viewable in compare view

Updates handlebars from 4.0.10 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2<...

Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.