
build(deps): bump the npm_and_yarn group across 1 directory with 17 updates #1

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/npm_and_yarn-57614dd6c6


@dependabot dependabot bot commented on behalf of github Jun 4, 2024

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @actions/core | 1.2.4 | 1.9.1 |
| semantic-release | 17.1.1 | 19.0.3 |
| semver | 5.7.1 | 5.7.2 |
| lodash | 4.17.15 | 4.17.21 |
| node-fetch | 2.6.0 | 2.7.0 |

Updates @actions/core from 1.2.4 to 1.9.1

Changelog

Sourced from @​actions/core's changelog.

1.9.1

  • Randomize delimiter when calling core.exportVariable

1.9.0

  • Added toPosixPath, toWin32Path and toPlatformPath utilities #1102

1.8.2

  • Update to v2.0.1 of @actions/http-client #1087

1.8.1

  • Update to v2.0.0 of @actions/http-client

1.8.0

1.7.0

1.6.0

1.5.0

1.4.0

1.3.0

1.2.7

1.2.6

1.2.5

Commits

Updates semantic-release from 17.1.1 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

  • log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
  • upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

  • npm-plugin: @semantic-release/npm has also dropped support for node v15
  • node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

  • npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits
  • 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
  • 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
  • ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
  • ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
  • fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
  • b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
  • 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
  • 2b94bb4 docs: update broken link to CI config recipes (#2378)
  • b4bc191 docs: Correct circleci workflow (#2365)
  • 2c30e26 Merge pull request #2333 from semantic-release/next
  • Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates ansi-regex from 2.1.1 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

  • Require Node.js 8 166a0d5

Enhancements

  • Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

  • Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

Updates dot-prop from 3.0.0 to 5.3.0

Release notes

Sourced from dot-prop's releases.

v5.3.0

  • Make .delete() return a boolean (#66) 24916ff

sindresorhus/dot-prop@v5.2.0...v5.3.0

v5.2.0

  • Allow specifying undefined as the object for .get() and .has() (#58) a6be343

sindresorhus/dot-prop@v5.1.1...v5.2.0

v5.1.1

  • Prevent setting/getting some problematic path components 3039c8c
  • TypeScript - Fix return type for undefined defaultValue (#56) e0f8abf

sindresorhus/dot-prop@v5.1.0...v5.1.1

v5.1.0

Maintenance release to update dependencies. No user-facing changes.

sindresorhus/dot-prop@v5.0.1...v5.1.0

v5.0.1

  • Fix TypeScript 3.5 compatibility 9c1ef03

sindresorhus/dot-prop@v5.0.0...v5.0.1

v5.0.0

Breaking:

  • Require Node.js 8 a19fd41

Enhancements:

  • Add TypeScript definition (#52) 5dbf51c

sindresorhus/dot-prop@v4.2.0...v5.0.0

v4.2.1

Commits

Updates handlebars from 4.7.6 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

  • Make library compatible with workers (#1894) - 3d3796c
  • Don't rely on Node.js global object (#1776) - 2954e7e
  • Fix compiling of each block params in strict mode (#1855) - 30dbf04
  • Fix rollup warning when importing Handlebars as ESM - 03d387b
  • Fix bundler issue with webpack 5 (#1862) - c6c6bbb
  • Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#1736) - b6d3de7
  • fix: escape property names in compat mode (#1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

Commits
  • 8dc3d25 v4.7.8
  • 668c4fb Fix browser tests in CI pipeline
  • c65c6cc Test on Node 18
  • 3d3796c Make library compatible with workers
  • 075b354 Fix sync issue with npm lock-file
  • 30dbf04 Fix compiling of each block params in strict mode
  • e3a5448 Fix bundler issue with webpack 5
  • 8e23642 Fix integration-tests issue with npm >= 7
  • 88ac068 use https instead of git for mustache submodule
  • c68bc08 Fix typo
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.


Updates ini from 1.3.5 to 1.3.8

Commits
  • a2c5da8 1.3.8
  • af5c6bb Do not use Object.create(null)
  • 8b648a1 don't test where our devdeps don't even work
  • c74c8af 1.3.7
  • 024b8b5 update deps, add linting
  • 032fbaf Use Object.create(null) to avoid default object property hazards
  • 2da9039 1.3.6
  • cfea636 better git push script, before publish instead of after
  • 56d2805 do not allow invalid hazardous string as section name
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.


Updates lodash from 4.17.15 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

Fixed

Commits

  • Merge tag 'v0.2.3' a026794
  • [eslint] fix indentation and whitespace 5368ca4
  • [eslint] fix indentation and whitespace e5f5067
  • [eslint] more cleanup 62fde7d
  • [eslint] more cleanup 36ac5d0
  • [meta] add auto-changelog 73923d2
  • [actions] add reusable workflows d80727d
  • [eslint] add eslint; rules to enable later are warnings 48bc06a
  • [eslint] fix indentation 34b0f1c
  • [readme] rename and add badges 5df0fe4
  • [Dev Deps] switch from covert to nyc a48b128
  • [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
  • [meta] create FUNDING.yml; add funding in package.json 3639e0c
  • [meta] use npmignore to autogenerate an npmignore file be2e038
  • Only apps should have lockfiles 282b570
  • isConstructorOrProto adapted from PR ef9153f
  • [Dev Deps] update @ljharb/eslint-config, aud 098873c
  • [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
  • [meta] add safe-publish-latest 4b927de
  • [Tests] add aud in posttest b32d9bd
  • [meta] update repo URLs f9fdfc0
  • [actions] Avoid 0.6 tests due to build failures ba92fe6
  • [Dev Deps] update tape 950eaa7
  • [Dev Deps] add missing npmignore dev dep 3226afa
  • Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits
  • 6901ee2 v1.2.8
  • a026794 Merge tag 'v0.2.3'
  • c0b2661 v0.2.3
  • 63b8fee [Fix] Fix long option followed by single dash (#17)
  • 72239e6 [Tests] Remove duplicate test (#12)
  • 34b0f1c [eslint] fix indentation
  • 3226afa [Dev Deps] add missing npmignore dev dep
  • 098873c [Dev Deps] update @ljharb/eslint-config, aud
  • 9ec4d27 [Fix] Fix long option followed by single dash
  • ba92fe6 [actions] Avoid 0.6 tests due to build failures
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.


Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

v2.6.11

2.6.11 (2023-05-09)

Reverts

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.


Updates npm from 6.14.5 to 8.19.4

Release notes

Sourced from npm's releases.

libnpmexec: v8.1.2

8.1.2 (2024-05-29)

Bug Fixes

Dependencies

libnpmexec: v8.1.1

8.1.1 (2024-05-15)

Dependencies

Chores

libnpmexec: v8.1.0

8.1.0 (2024-04-30)

Features

Bug Fixes

Dependencies

libnpmaccess: v8.0.6

8.0.6 (2024-05-15)

Dependencies

... (truncated)

Changelog

Sourced from npm's changelog.

8.19.4 (2023-02-14)

Documentation

Dependencies

8.19.3 (2022-11-03)

Bug Fixes

Documentation

Dependencies

8.19.2 (2022-09-13)

Dependencies

8.19.1 (2022-09-01)

Bug Fixes

8.19.0 (2022-08-31)

Features

Bug Fixes

... (truncated)

Commits
  • 2f0b4df chore: release 8.19.4
  • cd9c9fd chore: @​npmcli/template-oss@​4.11.4 (#6167)
  • cfab523 deps: http-cache-semantics@4.1.1 (#6166)
  • dd51f34 docs: don't redirect "npm config' to itself (#6155)
  • 93bd6d1 chore(node-pr): various fixes and updates for the node PR script (#5817)
  • ef42996 chore: release 8.19.3
  • 50a7d32 chore: re-add async to function (#5812)
  • 9931679 chore: check version to determine whether to publish (#5811)
  • c10abe0 chore: tag backported workspaces during publish script
  • 5866217 chore: ignore-scripts when installing docs deps
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by gar, a new releaser for npm since your current version.


Updates ip from 1.1.5 to 2.0.0

Commits

Updates npm-registry-fetch from 4.0.4 to 13.3.1

Release notes

Sourced from npm-registry-fetch's releases.

v13.3.1

13.3.1 (2022-08-15)

Bug Fixes

v13.3.0

13.3.0 (2022-07-18)

Features

  • respect registry-scoped certfile and keyfile options (#125) (42d605c)

v13.2.0

13.2.0 (2022-06-29)

Features

  • set 'npm-auth-type' header depending on config option (#123) (ff4ed65)

v13.1.1

13.1.1 (2022-04-13)

Bug Fixes

  • replace deprecated String.prototype.substr() (#115) (804411f)

v13.1.0

13.1.0 (2022-03-22)

Features

Dependencies

  • update make-fetch-happen requirement from ^10.0.3 to ^10.0.4 (#96) (38d9782)
  • update make-fetch-happen requirement from ^10.0.4 to ^10.0.6 (#101) (1d2f3ed)
  • update minipass-fetch requirement from ^2.0.1 to ^2.0.2 (#95) (d8c3180)
  • update minipass-fetch requirement from ^2.0.2 to ^2.0.3 (#99) (3e08986)
  • update npm-package-arg requirement from ^9.0.0 to ^9.0.1 (#102) (a6192b4)

npm-registry-fetch v13.0.1

... (truncated)

Changelog

Sourced from npm-registry-fetch's changelog.

14.0.4 (2023-04-13)

Bug Fixes

Documentation

14.0.3 (2022-12-07)

Dependencies

14.0.2 (2022-10-18)

Dependencies

  • 36b7685 #154 bump npm-package-arg from 9.1.2 to 10.0.0

14.0.1 (2022-10-17)

Dependencies

14.0.0 (2022-10-13)

⚠️ BREAKING CHANGES

  • this module no longer attempts to change file ownership automatically
  • npm-registry-fetch is now compatible with the following semver range for node: ^14.17.0 |...

    Description has been truncated

…pdates

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.2.4` | `1.9.1` |
| [semantic-release](https://github.com/semantic-release/semantic-release) | `17.1.1` | `19.0.3` |
| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.0` | `2.7.0` |



Updates `@actions/core` from 1.2.4 to 1.9.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

Updates `semantic-release` from 17.1.1 to 19.0.3
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v17.1.1...v19.0.3)

Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `ansi-regex` from 2.1.1 to 5.0.1
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@2.1.1...v5.0.1)

Updates `dot-prop` from 3.0.0 to 5.3.0
- [Release notes](https://github.com/sindresorhus/dot-prop/releases)
- [Commits](sindresorhus/dot-prop@v3.0.0...v5.3.0)

Updates `handlebars` from 4.7.6 to 4.7.8
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.8/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.6...v4.7.8)

Updates `ini` from 1.3.5 to 1.3.8
- [Release notes](https://github.com/npm/ini/releases)
- [Changelog](https://github.com/npm/ini/blob/main/CHANGELOG.md)
- [Commits](npm/ini@v1.3.5...v1.3.8)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `minimist` from 1.2.5 to 1.2.8
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v1.2.5...v1.2.8)

Updates `node-fetch` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.0...v2.7.0)

Updates `npm` from 6.14.5 to 8.19.4
- [Release notes](https://github.com/npm/cli/releases)
- [Changelog](https://github.com/npm/cli/blob/v8.19.4/CHANGELOG.md)
- [Commits](npm/cli@v6.14.5...v8.19.4)

Updates `ip` from 1.1.5 to 2.0.0
- [Commits](indutny/node-ip@v1.1.5...v2.0.0)

Updates `npm-registry-fetch` from 4.0.4 to 13.3.1
- [Release notes](https://github.com/npm/npm-registry-fetch/releases)
- [Changelog](https://github.com/npm/npm-registry-fetch/blob/main/CHANGELOG.md)
- [Commits](npm/npm-registry-fetch@v4.0.4...v13.3.1)

Updates `npm-user-validate` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/npm/npm-user-validate/releases)
- [Changelog](https://github.com/npm/npm-user-validate/blob/main/CHANGELOG.md)
- [Commits](npm/npm-user-validate@v1.0.0...v1.0.1)

Updates `tar` from 4.4.13 to 6.1.11
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v4.4.13...v6.1.11)

Updates `y18n` from 3.2.1 to 5.0.8
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](yargs/y18n@v3.2.1...v5.0.8)

Updates `yargs-parser` from 9.0.2 to 20.2.9
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)
- [Commits](yargs/yargs-parser@v9.0.2...yargs-parser-v20.2.9)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: semantic-release
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-regex
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dot-prop
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: handlebars
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ini
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: npm
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ip
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: npm-registry-fetch
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: npm-user-validate
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: y18n
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: yargs-parser
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the "dependencies" label (Pull requests that update a dependency file) Jun 4, 2024