Bump the npm_and_yarn group across 1 directory with 26 updates

[dependabot]

Bumps the npm_and_yarn group with 22 updates in the / directory:

Package	From	To
koa	2.7.0	2.16.1
nodemailer	6.3.0	6.9.9
openpgp	4.5.5	4.10.11
bootstrap	3.4.1	5.0.0
jquery	3.4.1	3.5.0
ajv	6.10.2	6.12.6
async	2.6.2	2.6.4
bson	1.1.1	1.1.6
color-string	1.5.3	1.9.1
debug	3.2.6	4.4.1
mocha	6.2.0	11.6.0
eslint-utils	1.4.0	1.4.3
ini	1.3.5	1.3.8
json5	1.0.1	1.0.2
minimist	1.2.0	1.2.8
mkdirp	0.5.1	0.5.6
node-fetch	2.6.0	2.7.0
path-to-regexp	1.7.0	1.9.0
pathval	1.1.0	1.1.1
qs	6.6.0	6.14.0
thenify	3.3.0	3.3.1
urijs	1.19.1	1.19.11

Updates koa from 2.7.0 to 2.16.1

Release notes

Sourced from koa's releases.

v2.16.1

fix: don't render redirect values in anchor ref

2.16.0

This is a backported release to fix core underlying issue with HEAD requests when using http2.createSecureServer. See discussion at koajs/koa#1593 and koajs/koa#1547.

• fix missing cleanup, if response socket is no longer writeable (issue 1547) (koajs/koa#1593) 399cb6b0dd2104224c0ef0ce8e92f84e4f7faf42

2.15.4

Full Changelog: koajs/koa@2.15.3...2.15.4

Fix: avoid redos on host and protocol getter, see GHSA-593f-38f6-jp5m

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

---

3.0.0-alpha.3 / 2025-02-11

fixes

• Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

• Update http-errors to v2.0.0 #1486
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
• Remove res.redirect('back'), add back() method to ctx #1115
• Replace node querystring with URLSearchParams #1828
• Remove obsolete createAsyncCtxStorageMiddleware #1817

features

• Add support for web WHATWG #1830

updates

• Update cookies to ~0.9.1 #1846
• Update statuses to ^2.0.1
• Update supertest to ^7.0.0 #1841

fixes

• Fix exports.defaults in package.json #1630
• Fix leaky handles in tests #1838
• Fix body null checks #1814
• Fix reformatting redirect URLs #1805 #1804
• Fix passing ctx in error handler #1758

migrations

• Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

• [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl )

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Commits

• ba14822 2.16.1
• 2ff6c3f 2.16.0
• 3d51d03 ci: allow codecov to fail
• eb84d89 fix: don't render redirect values in anchor ref
• 5f294bb Merge commit from fork
• 77cbf2e Release 2.15.3
• 1fad597 fix: require URL from 'url' module (#1809)
• ddbff30 Release 2.15.2
• 94e8def fix: handle upper case protocol like HTTP or HTTPS (#1806)
• 549455d Release 2.15.1
• Additional commits viewable in compare view

Updates nodemailer from 6.3.0 to 6.9.9

Release notes

Sourced from nodemailer's releases.

v6.9.9

6.9.9 (2024-02-01)

Bug Fixes

• security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)
• tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

v6.9.8

6.9.8 (2023-12-30)

Bug Fixes

• punycode: do not use native punycode module (b4d0e0c)

v6.9.7

6.9.7 (2023-10-22)

Bug Fixes

• customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

v6.9.6

6.9.6 (2023-10-09)

Bug Fixes

• inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)
• tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

v6.9.5

6.9.5 (2023-09-06)

Bug Fixes

• license: Updated license year (da4744e)

Changelog

Sourced from nodemailer's changelog.

6.9.9 (2024-02-01)

Bug Fixes

• security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)
• tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)

6.9.8 (2023-12-30)

Bug Fixes

• punycode: do not use native punycode module (b4d0e0c)

6.9.7 (2023-10-22)

Bug Fixes

• customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)

6.9.6 (2023-10-09)

Bug Fixes

• inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)
• tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)

6.9.5 (2023-09-06)

Bug Fixes

• license: Updated license year (da4744e)

6.9.4 2023-07-19

• Renamed SendinBlue to Brevo

6.9.3 2023-05-29

• Specified license identifier (was defined as MIT, actual value MIT-0)
• If SMTP server disconnects with a message, process it and include as part of the response error

6.9.2 2023-05-11

• Fix uncaught exception on invalid attachment content payload

... (truncated)

Commits

• 5a2e10f chore(master): release 6.9.9 [skip-ci] (#1606)
• dd8f5e8 fix(security): Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eterna...
• 2c2b46a chore: do not use caret in version specifier
• be45c1b fix(tests): Use native node test runner, added code coverage support, removed...
• 4233f6f chore(master): release 6.9.8 [skip-ci] (#1605)
• 09d502f chore: removed double file
• b4d0e0c fix(punycode): do not use native punycode module
• 8376c02 Test new github notice syntax for README
• bc46a3b Updated stale github action
• 78bdaf8 chore: remove redundant AWS SDK for JavaScript v2 (#1593)
• Additional commits viewable in compare view

Updates openpgp from 4.5.5 to 4.10.11

Release notes

Sourced from openpgp's releases.

v4.10.11 (legacy)

Reject cleartext messages with extraneous data preceeding hash, addressing: GHSA-ch3c-v47x-4pgp.

v4.10.10

• Update tweetnacl-js to v1.0.3 (fixing a security issue with generating Ed25519 signatures)
• Fix ElGamal parameter range and PKCS1 decoding (#1169)

v4.10.9

• WKD: Fix "TypeError: fetch is not a function" in Node.js environment (#1181)
• Fix and test dummy key conversion (#1172)
• Fix documentation of the HKP keyId option (#1151)

v4.10.8

• Add config option to allow insecure decryption with RSA signing keys (#1148)
• Allow decryption with revoked keys (#1135)
• Support non-human-readable notation values (#983)
• Add test case for unknown binary notations (#1140)
• Add SecretKey.prototype.makeDummy (#1131)
• Use correct algorithm in ECC validation tests

v4.10.7

• Handle CORS errors during WKD lookup (#1125)
  • Throw in WKD lookup on HTTP errors instead of returning undefined
• Refactor WKD lookup code (#1123)
• Fix key validation tests
• Fix decryption tests

v4.10.6

• Don't zero-copy transfer buffers from the worker by default Fixes signing messages using the same key multiple times in one worker.

v4.10.5

• Faster and more secure, cipher-specific key validation (#1116). Also,
  • Validate keys during decryption
  • Check binding signatures for decryption keys when decrypting messages
  • Do not always fallback on Web Crypto ECC errors
• Add support for advanced WKD lookup (#1115)
• Fix stream-encrypting+signing a message using the Worker (#1112)
• Pass around KDF params as objects (#1104)
• Fix keyId types in JSDoc comments (#1100)
• Also create issuer fingerprint subpacket for v4 keys, not just v5 keys (#1097)

v4.10.4

• Fix normalizing \n after \r\n (broken in v4.10.3)

v4.10.3

• Support compressed data packets with algorithm=uncompressed (#1085)
• Fix memory usage when non-streaming-en/decrypting large files (broken in v4.10.2)
• Drop support for \r as EOL (#1073)
• Fix verification of EdDSA signatures with short MPIs (#1083)

... (truncated)

Commits

• d8a1e25 Release new version
• 8aa633c Reject cleartext messages with extraneous data preceeding hash header
• 1f237e6 Release new version
• 38ec531 Fix ElGamal param range and PKCS1 decoding (#1169)
• d5373ef Update tweetnacl-js
• 21f4ba4 Release new version
• a4b56c9 WKD: Fix "TypeError: fetch is not a function" in Node.js environment (#1181)
• 08fc7b3 Fix and test dummy key conversion (#1172)
• 929b016 Fix documentation of the HKP keyId option (#1151)
• aa89893 Release new version
• Additional commits viewable in compare view

Updates bootstrap from 3.4.1 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #32763: Add color-scheme mixin
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33549: Add offcanvas-top modifier

🎨 CSS

• #32155: Add equal column mixin
• #32763: Add color-scheme mixin
• #33292: Make accordion icon rotation more natural
• #33411: Fix validation feedback icon in select multiple
• #33478: Make .nav-link color consistent when using buttons
• #33482: Dropdown — Apply positioning only when Popper is not used
• #33548: Vertically align offcanvas header components
• #33549: Add offcanvas-top modifier
• #33550: Spinner alignment changes
• #33598: Hide validation icons from multiple selects
• #33600: Have $form-check-input-border's default derive from $black
• #33607: Reduce color-scheme complexity
• #33642: use :read-only css selector instead [readonly] for consistency
• #33658: fix: use list-group variable instead of alert
• #33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #32439: Decouple BackDrop from modal
• #33245: Decouple Modal's scrollbar functionality
• #33249: Simplify Modal Config
• #33250: Simplify ScrollSpy config
• #33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33429: Remove element event listeners through base component
• #33451: Add missing things in hide method of dropdown
• #33456: Use our isDisabled util on dropdown
• #33466: Refactor dropdown's hide functionality
• #33479: Fix dropdown escape propagation
• #33496: Use cached noop function

... (truncated)

Commits

• bf09367 Release v5.0.0 (#33647)
• 48ae5a7 Rewrite migration guide (#33834)
• f086572 refactor(docs): Added form file input variables (#33833)
• 1a54286 Fix doc typo and Bootstrap Icons link (#33832)
• e2df73f Update migration guide for some v5 changes (#33829)
• 1e6356a Neutralise more words from placeholder text (#33731)
• 6633845 Bump eslint-config-xo from 0.35.0 to 0.36.0 (#33646)
• cb38744 Tweak toast docs (#33810)
• c2ff225 Bump rollup from 2.46.0 to 2.47.0 (#33818)
• c090ea2 Bump @​babel/preset-env from 7.14.0 to 7.14.1 (#33819)
• Additional commits viewable in compare view

Updates jquery from 3.4.1 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates ajv from 6.10.2 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates async from 2.6.2 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

v2.6.3

• Updated lodash to squelch a security warning (#1675)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• f1d8383 Version 2.6.3
• 2b674c1 update changelog
• eab740f fix: udpate lodash. closes #1675
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates bson from 1.1.1 to 1.1.6

Release notes

Sourced from bson's releases.

1.1.6

The MongoDB Node.js team is pleased to announce version 1.1.6 of the bson module!

The BSON library was written prior to the invention of the BigInt type in Javascript ecosystem. As a result the library was not able to serialize the type properly and silently failed to correctly maintain the bigint value. With this update, the library will now throw an error if it detects a bigint value. However, we've also added to/fromBigInt helper methods to the long class, please note that numbers will be clamped to int64 bit width.

const bytes = BSON.serialize({ myBigNumber: Long.fromBigInt(23n) })
const doc = BSON.deserialize(bytes)
doc.myBigNumber.toBigInt() === 23n // true

New Feature

• [NODE-2378] - Return error when failing to serialize bigint type and add Long class helpers

Documentation

• API: https://github.com/mongodb/js-bson#readme
• Changelog: https://github.com/mongodb/js-bson/blob/master/HISTORY.md#change-log

We invite you to try the bson library immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release!

v1.1.4

The MongoDB Node.js team is pleased to announce version 1.1.4 of the bson module!

This patch release resolves an issue with BSON serialization with invalid _bsontype, originally reported by @​xiaofen9. MongoDB will be issuing a CVE for this vulnerability, and we recommend that all users pin their version of the bson module to 1.1.4 or higher.

Release Notes

Changelog

Sourced from bson's changelog.

1.1.6 (2021-03-16)

Bug Fixes

• Throw error on bigint usage and add helpers to Long (#426) (375f368)

1.1.5 (2020-08-10)

Bug Fixes

• object-id: harden the duck-typing (b526145)

1.1.3 (2019-11-09)

Reverts 1.1.2

1.1.2 (2019-11-08)

Bug Fixes

• _bsontype: only check bsontype if it is a prototype member. (dd8a349)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by nbbeeken, a new releaser for bson since your current version.

Updates color-string from 1.5.3 to 1.9.1

Release notes

Sourced from color-string's releases.

1.9.0

Minor Release 1.9.0

• Add parsing of exponential alpha values for HWB and HSL (#66)

Thanks to @​babycannotsay for their contribution!

1.8.2

Patch release 1.8.2

• Fix incorrect handling of optional comma in rgb() regex (#65)

Thanks to @​gerdasi and @​mastertheblaster for reporting and confirming the bug!

1.8.1

Patch release 1.8.1

• Fix rgb alpha percentage parsing from int to float (#61)

Thanks to @​clytras for their contribution!

1.8.0

Minor release 1.8.0

• Add anchors to keyword regex (#64)

Thanks to @​cq360767996 for their contribution!

1.7.4

Patch Release 1.7.4

• Fix bug in .to.hex() output if the inputs aren't rounded numbers (#25)

1.7.3

Patch Release 1.7.3

• Fix hue modulo operation (#50)

Thanks to @​adroitwhiz for their contributions.

1.7.2

Patch Release 1.7.2

• Fix issue where color-string with incorrectly return a color for properties on Object's prototype like "constructor". (#45)

Thanks to @​tolmasky for their contributions.

1.7.1

Patch release 1.7.1

... (truncated)

Commits

• See full diff in compare view

Updates debug from 3.2.6 to 4.4.1

Release notes

Sourced from debug's releases.

4.4.1

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in debug-js/debug#997
• fixes #987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in debug-js/debug#988

New Contributors

• @​pdahal-cx made their first contribution in debug-js/debug#997
• @​lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

... (truncated)

Commits

• 33330fa 4.4.1
• 98df33e remove istanbul
• bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
• a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
• 7e3814c 4.4.0
• d2d6bf0 fix inefficient .enable() regex and .enabled() test
• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• c33b464 4.3.6
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates mocha from 6.2.0 to 11.6.0

Release notes

Sourced from mocha's releases.

v11.6.0

11.6.0 (2025-06-09)

🌟 Features

• bump workerpool from ^6.5.1 to ^9.2.0 (#5350) (581a3c5)

v11.5.0

11.5.0 (2025-05-22)

🌟 Features

• bump mimimatch from ^5.1.6 to ^9.0.5 (#5349) (a3dea85)

v11.4.0

11.4.0 (2025-05-19)

🌟 Features

• bump diff from ^5.2.0 to ^7.0.0 (#5348) (554d6bb)

📚 Documentation

• added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)

v11.3.0

11.3.0 (2025-05-16)

🌟 Features

• add option to use posix exit code upon fatal signal (#4989) (91bbf85)

📚 Documentation

• Deploy new site alongside old one (#5360) (6c96545)
• mention explicit browser support range (#5354) (c514c0b)
• update Node.js version requirements for 11.x (#5329) (abf3dd9)

🧹 Chores

• remove prerelease setting in release-please config (#5363) (8878f22)

v11.2.2

... (truncated)

Changelog

Sourced from mocha's changelog.

11.6.0 (2025-06-09)

🌟 Features

• bump workerpool from ^6.5.1 to ^9.2.0 (#5350) (581a3c5)

11.5.0 (2025-05-22)

🌟 Features

• bump mimimatch from ^5.1.6 to ^9.0.5 (#5349) (a3dea85)

11.4.0 (2025-05-19)

🌟 Features

• bump diff from ^5.2.0 to ^7.0.0 (#5348) (554d6bb)

📚 Documentation

• added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)

11.3.0 (2025-05-16)

🌟 Features

• add option to use posix exit code upon fatal signal (#4989) (91bbf85)

📚 Documentation

• Deploy new site alongside old one (#5360) (6c96545)
• mention explicit browser support range (#5354) (c514c0b)
• update Node.js version requirements for 11.x (#5329) (abf3dd9)

🧹 Chores

• remove prerelease setting in release-please config (#5363) (8878f22)

11.2.2 (2025-04-10)

🩹 Fixes

... (truncated)

Commits

• e68b9a6 chore(main): release 11.6.0 (#5373)
• 581a3c5 feat: bump workerpool from ^6.5.1 to ^9.2.0 (#5350)
• a7ed005 chore(main): release 11.5.0 (#5370)
• a3dea85 feat: bump mimimatch from ^5.1.6 to ^9.0.5 (#5349)
• 5730dfc chore(main): release 11.4.0 (#5368)
• 618415d docs: added CHANGELOG.md note around 11.1 yargs-parser update (#5362)
• 554d6bb fix: bump diff from ^5.2.0 to ^7.0.0 (#5348)
• fffe569 chore(main): release 11.3.0 (#5338)
• 91bbf85 feat: add option to use posix exit code upon fatal signal (#4989)
• 6c96545 docs: Deploy new site alongside old one (#5360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates eslint-utils from 1.4.0 to 1.4.3

Release notes

Sourced from eslint-utils's releases.

v1.4.3

🐛 Bug fixes

• 8f9e481ecc1204c7a1331b697f97903f90c75154 fixed false positive of ReferenceTracker.

v1.4.2

🐛 Bug fixes

• e4cb01498df6096b66edb0c78965ee6f47d3ac77 fixed a regression of the previous release.

v1.4.1

🐛 Bug fixes

• c119e832952c8c653bd4f21e39eb9f7ce48e5947 fixed getStaticValue() function to handle null literal correctly even if runtimes don't support BigInt natively.
• 587cca2f82c245f5fc4a8b9fb2cf6b35c0d02552 fixed getStringIfConstant() function to handle regular expression literals and BigInt literals even if runtimes don't support those.
...

Description has been truncated