Bump the npm_and_yarn group across 1 directory with 28 updates

[dependabot]

Bumps the npm_and_yarn group with 21 updates in the / directory:

Package	From	To
html-minifier	3.5.21	4.0.0
grunt	1.0.3	1.5.3
pug	2.0.3	3.0.1
@babel/traverse	7.2.3	7.24.5
ajv	6.9.1	6.12.6
kind-of	6.0.2	6.0.3
decode-uri-component	0.2.0	0.2.2
ejs	2.6.1	3.1.10
grunt-contrib-nodeunit	2.0.0	5.0.0
fsevents	1.2.7	1.2.13
ini	1.3.5	1.3.8
glob-parent	3.1.0	5.1.2
chokidar	2.1.2	3.6.0
handlebars	4.1.0	4.7.8
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
lodash	4.17.11	4.17.21
path-parse	1.0.6	1.0.7
qs	6.5.2	6.5.3
shelljs	0.3.0	removed
grunt-contrib-jshint	2.0.0	3.2.0

Updates html-minifier from 3.5.21 to 4.0.0

Release notes

Sourced from html-minifier's releases.

4.0.0

Bug fixes

• handle custom fragments within CSS/JS correctly (#1001, #1015)

Changes

• Drop Node.js < 6 support

Improvements

• implement continueOnParseError to treat invalid characters as text (#1004)
• minify Content-Security-Policy (#947, #975, #1014)
• upgrade to commander 2.19.0
• upgrade to grunt-contrib-uglify 4.0.1
• upgrade to gruntify-eslint 5.0.0
• upgrade to uglify-js 3.5.1

Commits

• 4beb325 Version 4.0.0
• 583e086 handle custom fragments within CSS/JS correctly (#1015)
• 47b7042 minify Content-Security-Policy (#1014)
• c810fa3 Update Jekyll's ignores. (#1013)
• f3f080c Remove eslint-plugin-no-use-extend-native. (#1012)
• da5c7a5 Update .gitattributes. (#1011)
• c3a9ab7 Travis: remove only gh-pages branch. (#1010)
• 5342a06 Drop Node.js < 6 support. (#1008)
• df65c0c Update .travis.yml (#1006)
• ce0e834 implement continueOnParseError (#1004)
• Additional commits viewable in compare view

Updates grunt from 1.0.3 to 1.5.3

Release notes

Sourced from grunt's releases.

v1.5.3

• Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

• Update Changelog 7f15fd5
• Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

• Merge pull request #1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

• Updated changelog b2b2c2b
• Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #1736 from justlep/main fdc7056
• support .cjs extension e35fe54

gruntjs/grunt@v1.4.1...v1.5.0

v1.4.1

• Update Changelog e7625e5
• Merge pull request #1731 from gruntjs/update-options 5d67e34
• Fix ci install d13bf88
• Switch to Actions 08896ae
• Update grunt-known-options eee0673
• Add note about a breaking change 1b6e288

gruntjs/grunt@v1.4.0...v1.4.1

v1.4.0

• Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
• Update changelog and util dep 106ed17
• Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
• Update CLI and nodeunit 47cf8b6
• Merge pull request #1722 from gruntjs/update-through e86db1c
• Update deps 4952368

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency.

... (truncated)

Commits

• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request #1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling
• d5969ec 1.5.1
• Additional commits viewable in compare view

Updates pug from 2.0.3 to 3.0.1

Release notes

Sourced from pug's releases.

[email protected]

Bug Fixes

• Update with to resolve core-js deprecation notice (#3259)

[email protected]

Bug Fixes

• Properly handle non-string values when rethrowing errors (#3269)

[email protected]

Bug Fixes

• Sanitise the pretty option (#3314)

  If a malicious attacker could control the pretty option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see #3312 for more details.

[email protected]

Breaking Changes

• Drop support for node 6 and 8 (#3243)

[email protected]

Breaking Changes

• Drop support for node 6 and 8 (#3243)

New Features

• Support EachOf nodes (#3179)

[email protected]

Breaking Changes

• read plugins must now return Buffer if you want to support filters that use renderBuffer (#3213)

• Drop support for node 6 and 8 (#3243)

New Features

• File nodes now get a raw property that is a Buffer, in addition to the str (#3213)

[email protected]

Breaking Changes

• Drop support for node 6 and 8 (#3243)

Bug Fixes

• wrap setting err.message with a try/catch (#2996)

... (truncated)

Commits

• 991e78f fix: sanitise and escape the pretty option (#3314)
• 06baa52 Fix TypeScript and add eachOf token definition (#3262)
• 13e46e9 chore: update with (#3259)
• c077df4 docs: fix rolling versions link
• ccba7da ci: publish canary release (#3257)
• 24a7b8e chore: remove get-repo dependency (#3256)
• 8288ec5 ci: fix some problems with the workflows and add dry-run (#3254)
• eca9342 chore: update is-expression and jest (#3253)
• 9e96bb7 feat: allow filters to read non-text include files (#3213)
• bb0731f chore: use minimal settings to format test files (#3245)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pug-bot, a new releaser for pug since your current version.

Updates @babel/traverse from 7.2.3 to 7.24.5

Release notes

Sourced from @​babel/traverse's releases.

v7.24.5 (2024-04-29)

Thanks @​romgrk and @​sossost for your first PRs!

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Rom Grk (@​romgrk)
• @​liuxingbaoyu
• ynnsuis (@​sossost)

v7.24.4 (2024-04-03)

Thanks @​Dunqing, @​luiscubal, and @​samualtnorman for your first PRs!

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser
  • #16407 Recover from exported using declaration (@​JLHwung)

🏠 Internal

• Other
  • #16414 Relax ESLint peerDependency constraint to allow v9 (@​liuxingbaoyu)
• babel-parser
  • #16425 Improve @babel/parser AST types (@​nicolo-ribaudo)
  • #16417 Always pass type argument to .startNode (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
  • #16439 Make NodePath<T | U> distributive (@​nicolo-ribaudo)
• babel-plugin-proposal-partial-application, babel-types
  • #16421 Remove JSXNamespacedName from valid CallExpression args (@​nicolo-ribaudo)
• babel-plugin-transform-class-properties, babel-preset-env
  • #16406 Do not load unnecessary Babel 7 syntax plugins in Babel 8 (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@​romgrk)

v7.24.4 (2024-04-03)

👓 Spec Compliance

• babel-parser
  • #16403 Forbid initializerless using (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16388 Ensure decorators are callable (@​JLHwung)

🐛 Bug Fix

• babel-generator
  • #16402 fix: Correctly prints { [key in Bar]? } (@​liuxingbaoyu)
  • #16394 fix: Correctly generate TSMappedType (@​liuxingbaoyu)
• babel-compat-data, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-preset-env
  • #16390 Create bugfix plugin for classes in computed keys in Firefox (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16387 fix: support mutated outer decorated class binding (@​JLHwung)
  • #16385 fix: Decorators when super() exists and protoInit is not needed (@​liuxingbaoyu)
• babel-plugin-transform-block-scoping
  • #16384 fix: Transform scoping for for X in loop (@​liuxingbaoyu)
  • #16368 fix: Capture let when the for body is not a block (@​liuxingbaoyu)
• babel-core, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping

... (truncated)

Commits

• ddbea7d v7.24.5
• e779cad fix: TypeScript annotation affects output (#16377)
• ee48754 Use multiple TypeScript projects (#16430)
• 4d8b2d0 Make NodePath\<T | U> distributive (#16439)
• a84ec28 Enable eqeqeq rule (#16404)
• 822b025 v7.24.1
• fc0d5ad Update typescript and lint tools (#16351)
• 69e7928 Consider well-known and registered symbols as literals (#16342)
• 40110e9 Update source map deps (#16327)
• ce59160 v7.24.0
• Additional commits viewable in compare view

Updates ajv from 6.9.1 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates kind-of from 6.0.2 to 6.0.3

Changelog

Sourced from kind-of's changelog.

[6.0.3] - 2020-01-16

• Merge pull request #31 for issue #30

[6.0.0] - 2017-10-13

• refactor code to be more performant
• refactor benchmarks

[5.1.0] - 2017-10-13

Added

• Merge pull request #15 from aretecode/patch-1
• adds support and tests for string & array iterators

Changed

• updates benchmarks

[5.0.2] - 2017-08-02

• Merge pull request #14 from struct78/master
• Added undefined check

[5.0.0] - 2017-06-21

• Merge pull request #12 from aretecode/iterator
• Set Iterator + Map Iterator
• streamline isbuffer, minor edits

[4.0.0] - 2017-05-19

• Merge pull request #8 from tunnckoCore/master
• update deps

[3.2.2] - 2017-05-16

• fix version

[3.2.1] - 2017-05-16

• add browserify

[3.2.0] - 2017-04-25

• Merge pull request #10 from ksheedlo/unrequire-buffer
• add promise support and tests
• Remove unnecessary Buffer check

... (truncated)

Commits

• abab085 6.0.3
• a18459c run verb to generate README documentation
• dc6bea5 only need to check typeof val.constructor
• 1df992c Merge pull request #31 from xiaofen9/master
• 975c13a fix type checking vul in ctorName
• 4da96c0 Delete FUNDING.yml
• 28266f2 Create FUNDING.yml
• See full diff in compare view

Maintainer changes

This version was pushed to npm by doowb, a new releaser for kind-of since your current version.

Updates async from 1.5.2 to 2.6.2

Release notes

Sourced from async's releases.

v2.3.0

• Added support for ES2017 async functions. Wherever you can pass a Node-style/CPS function that uses a callback, you can also pass an async function. Previously, you had to wrap async functions with asyncify. The caveat is that it will only work if async functions are supported natively in your environment, transpiled implementations can't be detected. (#1386, #1390)

v2.2.0

• Added groupBy, and the Series/Limit equivalents, analogous to _.groupBy (#1364)
• Fixed transform bug when callback was not passed (#1381)

v2.1.5

• Fix auto bug when function names collided with Array.prototype (#1358)
• Improve some error messages (#1349)
• Avoid stack overflow case in queue
• Fixed an issue in some, every and find where processing would continue after the result was determined.
• Cleanup implementations of some, every and find

v2.1.3

• Make bundle size smaller
• Create optimized hotpath for filter in array case.

v2.1.2

• Fixed a stackoverflow bug with detect, some, every on large inputs (#1293).

v2.1.0

• retry and retryable now support an optional errorFilter function that determines if the task should retry on the error (#1256, #1261)
• Optimized array iteration in race, cargo, queue, and priorityQueue (#1253)

v2.0.0

Lots of changes here!

First and foremost, we have a slick new site for docs. Special thanks to @​hargasinski for his work converting our old docs to jsdoc format and implementing the new website. Also huge ups to @​ivanseidel for designing our new logo. It was a long process for both of these tasks, but I think these changes turned out extraordinary well.

The biggest feature is modularization. You can now require("async/series") to only require the series function. Every Async library function is available this way. You still can require("async") to require the entire library, like you could do before.

We also provide Async as a collection of ES2015 modules. You can now import {each} from 'async-es' or import waterfall from 'async-es/waterfall'. If you are using only a few Async functions, and are using a ES bundler such as Rollup, this can significantly lower your build size.

Major thanks to @​Kikobeats, @​aearly and @​megawac for doing the majority of the modularization work, as well as @​jdalton and @​Rich-Harris for advisory work on the general modularization strategy.

Another one of the general themes of the 2.0 release is standardization of what an "async" function is. We are now more strictly following the node-style continuation passing style. That is, an async function is a function that:

1. Takes a variable number of arguments
2. The last argument is always a callback
3. The callback can accept any number of arguments
4. The first argument passed to the callback will be treated as an error result, if the argument is truthy
5. Any number of result arguments can be passed after the "error" argument
6. The callback is called once and exactly once, either on the same tick or later tick of the JavaScript event loop.

There were several cases where Async accepted some functions that did not strictly have these properties, most notably auto, every, some, and filter.

Another theme is performance. We have eliminated internal deferrals in all cases where they make sense. For example, in waterfall and auto, there was a setImmediate between each task -- these deferrals have been removed. A setImmediate call can add up to 1ms of delay. This might not seem like a lot, but it can add up if you are using many Async functions in the course of processing a HTTP request, for example. Nearly all asynchronous functions that do I/O already have some sort of deferral built in, so the extra deferral is unnecessary. The trade-off of this change is removing our built-in stack-overflow defense. Many synchronous callback calls in series can quickly overflow the JS call stack. If you do have a function that is sometimes synchronous (calling its callback on the same tick), and are running into stack overflows, wrap it with async.ensureAsync().

Another big performance win has been re-implementing queue, cargo, and priorityQueue with doubly linked lists instead of arrays. This has lead to queues being an order of magnitude faster on large sets of tasks.

... (truncated)

Changelog

Sourced from async's changelog.

#v2.6.2

• Updated lodash to squelch a security warning (#1620)

v2.6.1

• Updated lodash to prevent npm audit warnings. (#1532, #1533)
• Made async-es more optimized for webpack users (#1517)
• Fixed a stack overflow with large collections and a synchronous iterator (#1514)
• Various small fixes/chores (#1505, #1511, #1527, #1530)

v2.6.0

• Added missing aliases for many methods. Previously, you could not (e.g.) require('async/find') or use async.anyLimit. (#1483)
• Improved queue performance. (#1448, #1454)
• Add missing sourcemap (#1452, #1453)
• Various doc updates (#1448, #1471, #1483)

v2.5.0

• Added concatLimit, the Limit equivalent of concat (#1426, #1430)
• concat improvements: it now preserves order, handles falsy values and the iteratee callback takes a variable number of arguments (#1437, #1436)
• Fixed an issue in queue where there was a size discrepancy between workersList().length and running() (#1428, #1429)
• Various doc fixes (#1422, #1424)

v2.4.1

• Fixed a bug preventing functions wrapped with timeout() from being re-used. (#1418, #1419)

v2.4.0

• Added tryEach, for running async functions in parallel, where you only expect one to succeed. (#1365, #687)
• Improved performance, most notably in parallel and waterfall (#1395)
• Added queue.remove(), for removing items in a queue (#1397, #1391)
• Fixed using eval, preventing Async from running in pages with Content Security Policy (#1404, #1403)
• Fixed errors thrown in an asyncifyed function's callback being caught by the underlying Promise (#1408)
• Fixed timing of queue.empty() (#1367)
• Various doc fixes (#1314, #1394, #1412)

v2.3.0

• Added support for ES2017 async functions. Wherever you can pass a Node-style/CPS function that uses a callback, you can also pass an async function. Previously, you had to wrap async functions with asyncify. The caveat is that it will only work if async functions are supported natively in your environment, transpiled implementations can't be detected. (#1386, #1390)
• Small doc fix (#1392)

v2.2.0

• Added groupBy, and the Series/Limit equivalents, analogous to _.groupBy (#1364)
• Fixed transform bug when callback was not passed (#1381)
• Added note about reflect to parallel docs (#1385)

v2.1.5

• Fix auto bug when function names collided with Array.prototype (#1358)
• Improve some error messages (#1349)
• Avoid stack overflow case in queue
• Fixed an issue in some, every and find where processing would continue after the result was determined.
• Cleanup implementations of some, every and find

v2.1.3

... (truncated)

Commits

• eaf32be Version 2.6.2
• 684b42e Update built files
• e1bd3da update changelog
• 140a335 fix: update lodash to squelch security warning (#1620)
• 5ed3df1 Version 2.6.1
• e5d7148 Update built files
• 7e84a4f update changelog
• 2ba8d0c update deps per npm audit
• d28b725 Merge pull request #1533 from chrisdukakis/update-lodash
• 5f6f3d9 update lodash-es to match [email protected]
• Additional commits viewable in compare view

Updates js-yaml from 3.5.5 to 3.12.1

Changelog

Sourced from js-yaml's changelog.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

[3.10.0] - 2017-09-10

Fixed

• Fix condenseFlow output (quote keys for sure, instead of spaces), #371, #370.
• Dump astrals as codepoints instead of surrogate pair, #368.

[3.9.1] - 2017-07-08

Fixed

• Ensure stack is present for custom errors in node 7.+, #351.

[3.9.0] - 2017-07-08

Added

• Add condenseFlow option (to create pretty URL query params), #346.

Fixed

• Support array return from safeLoadAll/loadAll, #350.

[3.8.4] - 2017-05-08

Fixed

• Dumper: prevent space after dash for arrays that wrap, #343.

[3.8.3] - 2017-04-05

Fixed

• Should not allow numbers to begin and end with underscore, #335.

[3.8.2] - 2017-03-02

Fixed

• Fix !!float 123 (integers) parse, #333.

... (truncated)

Commits

• b6d2609 3.12.1 released
• 7b68122 Browser files rebuild
• 784d1d0 Add "noArrayIndent" option (#461)
• 00bba11 Fix description of onWarning (#460)
• 2d1fbed Travis-CI: increase tests timeout
• 5cdad9b 3.12.0 released
• ef00891 Browser files rebuild
• 337595a Dev deps bump
• 290705b Support arrow functions without a block statement (#421)
• bab69b5 Check for leading newlines when determining if block indentation indicator is...
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks