Bump the npm_and_yarn group across 1 directory with 13 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
angular	1.6.7	1.8.3
yarn	1.3.2	1.22.13
bootstrap	3.3.7	5.0.0
jquery	3.1.1	3.5.0
concat-with-sourcemaps	1.0.4	1.1.0
es5-ext	0.10.37	0.10.64
extend	3.0.1	3.0.2
hosted-git-info	2.5.0	2.8.9
ini	1.3.5	1.3.8
is-my-json-valid	2.16.1	2.20.6
js-yaml	3.10.0	3.14.1
path-parse	1.0.5	1.0.7

Updates angular from 1.6.7 to 1.8.3

Changelog

Sourced from angular's changelog.

1.8.3 ultimate-farewell (2022-04-07)

One final release of AngularJS in order to update package README files on npm.

1.8.2 meteoric-mining (2020-10-21)

Bug Fixes

• $sceDelegate: ensure that resourceUrlWhitelist() is identical to trustedResourceUrlList() (e41f01, #17090)

1.8.1 mutually-supporting (2020-09-30)

Bug Fixes

• $sanitize: do not trigger CSP alert/report in Firefox and Chrome (2fab3d)

Refactorings

• SanitizeUriProvider: remove usages of whitelist (76738102)
• httpProvider: remove usages of whitelist and blacklist (c953af6b)
• sceDelegateProvider: remove usages of whitelist and blacklist (a206e267)

Deprecation Notices

• Deprecated $compileProvider.aHrefSanitizationWhitelist. It is now aHrefSanitizationTrustedUrlList.
• Deprecated $compileProvider.imgSrcSanitizationWhitelist. It is now imgSrcSanitizationTrustedUrlList.
• Deprecated $httpProvider.xsrfWhitelistedOrigins. It is now xsrfTrustedOrigins.
• Deprecated $sceDelegateProvider.resourceUrlWhitelist. It is now trustedResourceUrlList.
• Deprecated $sceDelegateProvider.resourceUrlBlacklist. It is now bannedResourceUrlList.

For the purposes of backward compatibility, the previous symbols are aliased to their new symbol.

1.8.0 nested-vaccination (2020-06-01)

_This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(@​koto); and independently by Esben Sparre Andreasen (@​esbena) while

... (truncated)

Commits

• cf16b24 docs(changelog): add release notes for 1.8.3
• 757d56e docs(*): update end-of-life messages (#17177)
• f362437 docs(eol): add EOL options text and link to template header used in every page
• fb04e42 test(Angular): fix angularInit() tests on Safari v15+
• 6a52c4f test(input): fix tests on Firefox v93+
• ed30c4d docs(README.md): add wiki link to MVC
• 4032655 chore(deps): bump js-yaml from 3.5.5 to 3.14.1
• 47f8c65 chore(deps): bump normalize-url from 4.5.0 to 4.5.1
• 56b0ee3 chore(e2e): run tests against Chrome 91 on macOS Catalina
• 58cd897 chore(e2e): run tests against Firefox 85 on macOS Catalina
• Additional commits viewable in compare view

Updates yarn from 1.3.2 to 1.22.13

Release notes

Sourced from yarn's releases.

v1.22.13

• Fixes a potential security issue where packages could run scripts even with --ignore-builds set (Windows only)
• Fixes yarn init -y2 w/ Corepack
• yarn set version stable (and canary) will now defer to the stable & canary for upgrading the project

v1.22.12

Bogus release (published the wrong folder)

v1.22.11

This version fixes a problem where Yarn wasn't forwarding SIGTERM to the binary spawned via yarnPath. It also makes yarn init -2 compatible with Corepack. The behaviour of yarn init (without -2) doesn't change.

Remember that Yarn 1.x won't receive further functional improvements. We recommend you to switch to the recently-released 3.0, and to ping us on Discord if you find issues when migrating (also check our Migration Guide).

1.22.10

(and prior)

Please check the changelog for details: https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md

For technical reasons, no prebuilt artifacts will be generated for this release. Please use npm install -g yarn to install it.

v1.22.5

No release notes provided.

v1.22.4

No release notes provided.

v1.22.3

No release notes provided.

v1.22.2

No release notes provided.

v1.22.1

No release notes provided.

v1.22.0

No release notes provided.

v1.21.1

No release notes provided.

v1.21.0

No release notes provided.

v1.20.0

No release notes provided.

v1.19.2

No release notes provided.

... (truncated)

Changelog

Sourced from yarn's changelog.

Changelog

Please add one entry in this file for each change in Yarn's behavior. Use the same format for all entries, including the third-person verb. Make sure you don't add more than one line of text to keep it clean. Thanks!

1.22.11

This version fixes a problem where Yarn wasn't forwarding SIGTERM to the binary spawned via yarnPath. It also makes yarn init -2 compatible with Corepack. The behaviour of yarn init (without -2) doesn't change.

Remember that Yarn 1.x won't receive further functional improvements. We recommend you to switch to the recently-released 3.0, and to ping us on Discord if you find issues when migrating (also check our Migration Guide).

1.22.10 (and prior)

• Tweak the preinstall check to not cause errors when Node is installed as root (as a downside, it won't run at all on Windows, which should be an acceptable tradeoff): yarnpkg/yarn#8358

1.22.7

This release doesn't change anything and was caused by a publish issue.

1.22.6

• Running yarn init with the -2 flag won't print the set version output anymore.

• A new preinstall check will ensure that npm install -g yarn works even under Corepack. It doesn't have any effect on other setups.

1.22.5

• Headers won't be printed when calling yarn init with the -2 flag

  Maël Nison

• Files with the .cjs extension will be spawned by yarnPath using `execPath

  #8144 - bgotink

• Generates local yarn verions as .cjs files when calling yarn set version

  #8145 - bgotink

• Sorts files when running yarn pack to produce identical layout on Windows and Unix systems

  #8142 - Merceyz

1.22.4 / 1.22.3

Those versions didn't contain any changes and were just triggered by our infra while working on the tests.

1.22.2

• Ignores .yarnrc.yml by default when running yarn pack

... (truncated)

Commits

• 1c92d69 v1.22.13
• 4a13eb3 v1.22.12
• 63cf0ac Updates 'set version' to shell out to Yarn 2 when requested
• 67fcce8 Prevents the cwd from being a valid resolution for exec
• 360b43a Don't pass the binary name anymore
• 59cb57b Bumps the patch version
• d4740b5 Fixes missing argument in init
• d64f979 Forwards SIGTERM signals
• d5b532c Removes the Node 8 MacOS test, which isnt supported by CircleCI anymore
• bbd5bfb Adds Corepack integration
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by arcanis, a new releaser for yarn since your current version.

Updates bootstrap from 3.3.7 to 5.0.0

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #32763: Add color-scheme mixin
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33549: Add offcanvas-top modifier

🎨 CSS

• #32155: Add equal column mixin
• #32763: Add color-scheme mixin
• #33292: Make accordion icon rotation more natural
• #33411: Fix validation feedback icon in select multiple
• #33478: Make .nav-link color consistent when using buttons
• #33482: Dropdown — Apply positioning only when Popper is not used
• #33548: Vertically align offcanvas header components
• #33549: Add offcanvas-top modifier
• #33550: Spinner alignment changes
• #33598: Hide validation icons from multiple selects
• #33600: Have $form-check-input-border's default derive from $black
• #33607: Reduce color-scheme complexity
• #33642: use :read-only css selector instead [readonly] for consistency
• #33658: fix: use list-group variable instead of alert
• #33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #32439: Decouple BackDrop from modal
• #33245: Decouple Modal's scrollbar functionality
• #33249: Simplify Modal Config
• #33250: Simplify ScrollSpy config
• #33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33429: Remove element event listeners through base component
• #33451: Add missing things in hide method of dropdown
• #33456: Use our isDisabled util on dropdown
• #33466: Refactor dropdown's hide functionality
• #33479: Fix dropdown escape propagation
• #33496: Use cached noop function

... (truncated)

Commits

• bf09367 Release v5.0.0 (#33647)
• 48ae5a7 Rewrite migration guide (#33834)
• f086572 refactor(docs): Added form file input variables (#33833)
• 1a54286 Fix doc typo and Bootstrap Icons link (#33832)
• e2df73f Update migration guide for some v5 changes (#33829)
• 1e6356a Neutralise more words from placeholder text (#33731)
• 6633845 Bump eslint-config-xo from 0.35.0 to 0.36.0 (#33646)
• cb38744 Tweak toast docs (#33810)
• c2ff225 Bump rollup from 2.46.0 to 2.47.0 (#33818)
• c090ea2 Bump @​babel/preset-env from 7.14.0 to 7.14.1 (#33819)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mdo, a new releaser for bootstrap since your current version.

Updates jquery from 3.1.1 to 3.5.0

Release notes

Sourced from jquery's releases.

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits

• 7a0a850 3.5.0
• 8570a08 Release: Update AUTHORS.txt
• da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
• 065143c Ajax: Overwrite s.contentType with content-type header value, if any
• 1a4f10d Tests: Blacklist one focusin test in IE
• 9e15d6b Event: Use only one focusin/out handler per matching window & document
• 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
• 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
• 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
• 7506c9c Build: Resolve Travis config warnings
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Updates concat-with-sourcemaps from 1.0.4 to 1.1.0

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by floridoo, a new releaser for concat-with-sourcemaps since your current version.

Updates es5-ext from 0.10.37 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

Commits

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• See full diff in compare view

Updates hosted-git-info from 2.5.0 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

• #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

• Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
• Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

• updated pathmatch for gitlab (e8325b5), closes #51
• updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• afeaefd chore(release): 2.8.8
• 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
• 7440afa chore(release): 2.8.7
• 2d0bb66 fix: Do not attempt to use url.URL when unavailable
• f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
• e1b83df chore(release): 2.8.6
• ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
• 624fd6f chore(release): 2.8.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates is-my-json-valid from 2.16.1 to 2.20.6

Commits

• 58d30cb 2.20.6
• f76edf0 Merge pull request #188 from axelniklasson/master
• 4eef089 Upgrade jsonpointer to address security vulnerability
• 441f812 2.20.5
• d36a1b1 Merge pull request #182 from ChALkeR/chalker/fix-comma
• b6ea484 Fix uri prefix detection
• 5389c5b Merge pull request #181 from ChALkeR/chalker/fix-undef
• df5b313 add funding file
• c224619 Fix 'required' implementation
• 2534af4 2.20.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.

Updates js-yaml from 3.10.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

Commits

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for safe/loadAll(input, options)
• d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• Additional commits viewable in compare view

Updates jsonpointer from 4.0.1 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

• Fix incorrect typings for compile get/set methods (#58, thanks to @​haakemon)
• Fix null values throwing exception when traversing over while getting (#50, thanks to @​reckter)
• Fix tests for null and undefined assertions (janl/node-jsonpointer@a5706e8)

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

• Fix prototype pollution (#51)

  • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.

  // returns the unmodified input {}
  jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')

  • When passing non-string arrays to a .set operation, an error is thrown:

  // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
  jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')

v4.1.0

4.1.0 (2020-07-03)

Bug Fixes

• prototype pollution (234e343)

Features

• docs: thank contributors (b67e402)
• docs: use npm test (ad96a94)
• re-add semantic release (49b7074)

Commits

• 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
• bad4983 Fix null values throwing exception when traversing over while getting
• a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
• b8e1e6a fix incorrect typings for compile get/set methods
• c4de620 Merge pull request #53 from janl/release/5.0.0
• 8dbf304 feat: v5
• 84cf173 Merge pull request #52 from janl/fix/test
• f716e5c chore: more rip travis
• e2ae355 chore: remove comment
• d23693b chore: update primary branch
• Additional commits viewable in compare view

Updates path-parse from 1.0.5 to 1.0.7

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.