chore(deps): bump the npm_and_yarn group across 1 directory with 40 updates

[dependabot]

Bumps the npm_and_yarn group with 28 updates in the / directory:

Package	From	To
karma	1.3.0	6.3.16
semantic-release	6.3.6	19.0.3
webpack-dev-server	1.16.2	3.1.11
bl	1.1.2	removed
phantomjs-prebuilt	2.1.13	2.1.16
browserify-sign	4.2.1	4.2.3
cached-path-relative	1.0.2	1.1.0
tunnel-agent	0.4.3	0.6.0
karma-coveralls	1.1.2	1.2.1
decode-uri-component	0.2.0	0.2.2
growl	1.9.2	removed
mocha	3.1.2	10.4.0
handlebars	4.7.6	4.7.8
https-proxy-agent	1.0.0	5.0.1
karma-sauce-launcher	1.1.0	1.2.0
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
jsonpointer	4.1.0	5.0.1
is-my-json-valid	2.20.5	2.20.6
loader-utils	0.2.17	removed
babel-loader	6.2.7	9.1.3
karma-webpack	1.8.0	5.0.1
webpack	1.13.3	5.91.0
webpack-stream	3.2.0	7.0.0
shell-quote	1.7.2	1.8.1
shelljs	0.7.8	removed
eslint	3.9.0	9.4.0
gulp-eslint	3.0.1	6.0.0

Updates karma from 1.3.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates semantic-release from 6.3.6 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

• log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
• upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

• npm-plugin: @semantic-release/npm has also dropped support for node v15
• node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

• npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits

• 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
• 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
• ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
• ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
• fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
• b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
• 2b94bb4 docs: update broken link to CI config recipes (#2378)
• b4bc191 docs: Correct circleci workflow (#2365)
• 2c30e26 Merge pull request #2333 from semantic-release/next
• Additional commits viewable in compare view

Updates webpack-dev-server from 1.16.2 to 3.1.11

Release notes

Sourced from webpack-dev-server's releases.

v3.1.11

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

v3.1.10

2018-10-23

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

v3.1.9

No release notes provided.

v3.1.8

2018-09-06

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

v3.1.7

2018-08-29

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

v3.1.6

2018-08-26

Bug Fixes

... (truncated)

Changelog

Sourced from webpack-dev-server's changelog.

3.1.11 (2018-12-21)

Bug Fixes

• bin/options: correct check for color support (options.color) (#1555) (55398b5)
• package: update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563) (7a3a257)
• Server: correct node version checks (#1543) (927a2b3)
• Server: mime type for wasm in contentBase directory (#1575) (#1580) (fadae5d)
• add url for compatibility with webpack@5 (#1598) (#1599) (68dd49a)
• check origin header for websocket connection (#1603) (b3217ca)

3.1.10 (2018-10-23)

Bug Fixes

• options: add writeToDisk option to schema (#1520) (d2f4902)
• package: update sockjs-client v1.1.5...1.3.0 (url-parse vulnerability) (#1537) (e719959)
• Server: set tls.DEFAULT_ECDH_CURVE to 'auto' (#1531) (c12def3)

3.1.9 (2018-09-24)

3.1.8 (2018-09-06)

Bug Fixes

• package: yargs security vulnerability (dependencies) (#1492) (8fb67c9)
• utils/createLogger: ensure quiet always takes precedence (options.quiet) (#1486) (7a6ca47)

3.1.7 (2018-08-29)

Bug Fixes

• Server: don't use spdy on node >= v10.0.0 (#1451) (8ab9eb6)

... (truncated)

Commits

• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection (#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
• 7a3a257 fix(package): update spdy v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
• 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
• 55398b5 fix(bin/options): correct check for color support (options.color) (#1555)
• 927a2b3 fix(Server): correct node version checks (#1543)
• fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
• fe3219f chore(release): 3.1.10
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-server since your current version.

Updates braces from 0.1.5 to 1.8.5

Changelog

Sourced from braces's changelog.

[1.8.5] - 2016-05-21

• Refactor (#10)

[1.8.4] - 2016-04-20

• fixes jonschlinkert/micromatch#66

[1.8.0] - 2015-03-18

• adds exponent examples, tests
• fixes the first example in jonschlinkert/micromatch#38

[1.6.0] - 2015-01-30

• optimizations, bash mode:
• improve path escaping

[1.5.0] - 2015-01-28

• Merge pull request #5 from eush77/lib-files

[1.4.0] - 2015-01-24

• add extglob tests
• externalize exponent function
• better whitespace handling

[1.3.0] - 2015-01-24

• make regex patterns explicity

[1.1.0] - 2015-01-11

• don't create a match group with makeRe

[1.0.0] - 2014-12-23

• Merge commit '97b05f5544f8348736a8efaecf5c32bbe3e2ad6e'
• support empty brace syntax
• better bash coverage
• better support for regex strings

[0.1.4] - 2014-11-14

• improve recognition of bad args, recognize mismatched argument types
• support escaping
• remove pathname-expansion
• support whitespace in patterns

... (truncated)

Commits

• See full diff in compare view

Removes bl

Updates phantomjs-prebuilt from 2.1.13 to 2.1.16

Release notes

Sourced from phantomjs-prebuilt's releases.

PhantomJS installer v2.1.14

Upgrades request and fs-extra deps

Commits

• See full diff in compare view

Updates qs from 6.2.3 to 6.3.2

Changelog

Sourced from qs's changelog.

6.3.2

• [Fix] follow allowPrototypes option during merge (#201, #200)
• [Dev Deps] update eslint
• [Fix] chmod a-x
• [Fix] support keys starting with brackets (#202, #200)
• [Tests] up to node v7.7, v6.10, v4.8; disable osx builds since they block linux builds

6.3.1

• [Fix] ensure that allowPrototypes: false does not ever shadow Object.prototype properties (thanks, @​snyk!)
• [Dev Deps] update eslint, @ljharb/eslint-config, browserify, iconv-lite, qs-iconv, tape
• [Tests] on all node minors; improve test matrix
• [Docs] document stringify option allowDots (#195)
• [Docs] add empty object and array values example (#195)
• [Docs] Fix minor inconsistency/typo (#192)
• [Docs] document stringify option sort (#191)
• [Refactor] stringify: throw faster with an invalid encoder
• [Refactor] remove unnecessary escapes (#184)
• Remove contributing.md, since qs is no longer part of hapi (#183)

6.3.0

• [New] Add support for RFC 1738 (#174, #173)
• [New] stringify: Add serializeDate option to customize Date serialization (#159)
• [Fix] ensure utils.merge handles merging two arrays
• [Refactor] only constructors should be capitalized
• [Refactor] capitalized var names are for constructors only
• [Refactor] avoid using a sparse array
• [Robustness] formats: cache String#replace
• [Dev Deps] update browserify, eslint, @ljharb/eslint-config; add safe-publish-latest
• [Tests] up to node v6.8, v4.6; improve test matrix
• [Tests] flesh out arrayLimit/arrayFormat tests (#107)
• [Tests] skip Object.create tests when null objects are not available
• [Tests] Turn on eslint for test files (#175)

6.2.4

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [Refactor] use cached Array.isArray
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] use safer-buffer instead of Buffer constructor
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 9ee5612 v6.3.2
• 0a63fc8 [Tests] up to node v7.7, v6.10, v4.8; disable osx builds since they b...
• 8e1f3e7 [Fix] support keys starting with brackets.
• febe81a [Fix] chmod a-x
• e54c5ec [Dev Deps] update eslint
• 8e2af08 [Fix] follow allowPrototypes option during merge
• 153ce84 v6.3.1
• d73b7a6 [Dev Deps] update eslint, @ljharb/eslint-config, browserify
• beade02 [Fix] ensure that allowPrototypes: false does not ever shadow Object.protot...
• 8bd4c6c Document allowDots option for stringify
• Additional commits viewable in compare view

Updates concat-stream from 1.5.0 to 1.5.2

Commits

• 731fedd 1.5.2
• b617fbc Merge pull request #47 from mafintosh/to-string-numbers
• 3e285ba to-string numbers written to the stream
• 4ca83d6 Merge pull request #48 from TheAlphaNerd/new-Buffer
• 798f81e add mafintosh
• 6d31655 use new to instantiate all buffers
• bd93093 Merge pull request #45 from noffle/readme
• ace7a15 Mention the empty stream case.
• 522adc1 1.5.1
• b6010e7 update readme
• See full diff in compare view

Maintainer changes

This version was pushed to npm by mafintosh, a new releaser for concat-stream since your current version.

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates cached-path-relative from 1.0.2 to 1.1.0

Commits

• See full diff in compare view

Updates request from 2.74.0 to 2.79.0

Changelog

Sourced from request's changelog.

v2.79.0 (2016/11/18)

• #2368 Fix typeof check in test-pool.js (@​forivall)
• #2394 Use files in package.json (@​SimenB)
• #2463 AWS support for session tokens for temporary credentials (@​simov)
• #2467 Migrate to uuid (@​simov, @​antialias)
• #2459 Update taper to version 0.5.0 🚀 (@​greenkeeperio-bot)
• #2448 Make other connect timeout test more reliable too (@​mscdex)

v2.78.0 (2016/11/03)

• #2447 Always set request timeout on keep-alive connections (@​mscdex)

v2.77.0 (2016/11/03)

• #2439 Fix socket 'connect' listener handling (@​mscdex)
• #2442 👻😱 Node.js 0.10 is unmaintained 😱👻 (@​greenkeeperio-bot)
• #2435 Add followOriginalHttpMethod to redirect to original HTTP method (@​kirrg001)
• #2414 Improve test-timeout reliability (@​mscdex)

v2.76.0 (2016/10/25)

• #2424 Handle buffers directly instead of using "bl" (@​zertosh)
• #2415 Re-enable timeout tests on Travis + other fixes (@​mscdex)
• #2431 Improve timeouts accuracy and node v6.8.0+ compatibility (@​mscdex, @​greenkeeperio-bot)
• #2428 Update qs to version 6.3.0 🚀 (@​greenkeeperio-bot)
• #2420 change .on to .once, remove possible memory leaks (@​duereg)
• #2426 Remove "isFunction" helper in favor of "typeof" check (@​zertosh)
• #2425 Simplify "defer" helper creation (@​zertosh)
• #2402 form-data@2.1.1 breaks build 🚨 (@​greenkeeperio-bot)
• #2393 Update form-data to version 2.1.0 🚀 (@​greenkeeperio-bot)

v2.75.0 (2016/09/17)

• #2381 Drop support for Node 0.10 (@​simov)
• #2377 Update form-data to version 2.0.0 🚀 (@​greenkeeperio-bot)
• #2353 Add greenkeeper ignored packages (@​simov)
• #2351 Update karma-tap to version 3.0.1 🚀 (@​greenkeeperio-bot)
• #2348 form-data@1.0.1 breaks build 🚨 (@​greenkeeperio-bot)
• #2349 Check error type instead of string (@​scotttrinh)

Commits

• 3a98820 2.79.0
• ab94c86 Merge pull request #2368 from forivall/patch-1
• 95b12d0 Merge pull request #2394 from SimenB/files
• d05c86c Use files in package.json
• 9f702bf Merge pull request #2463 from lostcolony/master
• 7532634 Remove redundant code
• d16bf18 Merge branch 'master' into aws4-session
• 67c9673 Merge pull request #2467 from simov/bump-uuid
• 39350ed Bump uuid
• e1c0981 Merge branch 'defunctzombie-uuid' of github.com:antialias/request into bump-uuid
• Additional commits viewable in compare view

Updates tunnel-agent from 0.4.3 to 0.6.0

Commits

• 67df643 0.6.0
• 9ca95ec Use .from
• 8a7c86e 0.5.1
• 5fe6221 0.5.0
• 5bbaf62 Merge pull request #25 from request/safe-buffer
• cdc47b9 Migrating to safe-buffer for security reasons.
• See full diff in compare view

Updates karma-coveralls from 1.1.2 to 1.2.1

Commits

• See full diff in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates eventsource from 1.0.7 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2

• Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

• Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

1.1.0

• Improve performance for large messages across many chunks (#130 Trent Willis)
• Add createConnection option for http or https requests (#120 Vasily Lavrov)
• Support HTTP 302 redirects (#116 Ryan Bonte)
• Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
• Add new to correct test (#111 Stéphane Alnet)
• Fix reconnections attempts now happen more than once (#136 Icy Fish)

Commits

• 0a8b85b 1.1.2
• f99ae66 docs: update history for 1.1.2
• 06c9721 chore: rebuild polyfill
• 9494642 fix: inline origin resolution, drop original dependency (#281)
• aa7a408 1.1.1
• 56d489e chore: rebuild polyfill
• 4a951e5 docs: update history for 1.1.1
• f9f6416 fix: strip sensitive headers on redirect to different origin
• 9dd0687 1.1.0
• 49497ba Update history for 1.1.0 (#146)
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: https://github.com/express...

Description has been truncated