build(deps): bump the npm_and_yarn group across 1 directory with 35 updates

[dependabot]

Bumps the npm_and_yarn group with 32 updates in the / directory:

Package	From	To
express	4.17.1	4.19.2
got	11.8.5	11.8.6
liquidjs	9.22.1	10.0.0
next	11.1.2	13.5.1
node-fetch	3.1.1	3.2.10
semver	7.3.5	7.5.2
@actions/core	1.6.0	1.9.1
async	3.2.2	3.2.3
minimatch	3.0.4	3.0.5
@babel/traverse	7.16.0	7.24.1
@sideway/formula	3.0.0	3.0.1
axios	0.21.4	1.6.8
jest-puppeteer	5.0.4	10.0.1
start-server-and-test	1.14.0	2.0.3
http-cache-semantics	4.1.0	4.1.1
jpeg-js	0.4.2	0.4.4
@jimp/jpeg	0.16.1	0.16.13
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
json5	1.0.1	1.0.2
jszip	3.7.1	3.10.1
prismjs	1.25.0	1.27.0
refractor	3.5.0	3.6.0
qs	6.5.2	6.5.3
tough-cookie	4.0.0	4.1.3
website-scraper	4.2.3	5.3.1
shelljs	0.8.4	0.8.5
terser	5.9.0	5.30.4
webpack	5.59.0	5.91.0
xml2js	0.4.23	0.5.0
rss-parser	3.12.0	3.13.0
parse-bmfont-xml	1.1.4	1.1.6

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates got from 11.8.5 to 11.8.6

Release notes

Sourced from got's releases.

v11.8.6

• Destroy request object after successful response

sindresorhus/got@v11.8.5...v11.8.6

Commits

• 2b1482c 11.8.6
• 2d1497e Destroy request object after successful response (#2187)
• See full diff in compare view

Updates liquidjs from 9.22.1 to 10.0.0

Release notes

Sourced from liquidjs's releases.

v10.0.0

10.0.0 (2022-11-27)

chore

• rename filters to snake style, #487 (ff112a4)

Code Refactoring

• _evalToken renamed to evalToken (4e1a30a)
• change ownPropertyOnly default value to true (7eb6216)
• delay creation of operatorsTrie and hide this implementation (bb58d3e)
• remove toThenable export (ffefd91)
• remove use of internal Context class in evalValue argument (b115077)

Performance Improvements

• target Node.js 14 for cjs bundle (main entry) (1f6ce7c)

BREAKING CHANGES

• evalToken now returns a generator (LiquidJS async), which is different from evalToken in previous LiquidJS versions.
• main entry need Node.js>=14 to run, you can build LiquidJS by your own by using ESM entry.
• ownPropertyOnly default value changed to true
• <liquidjs>.toThenable is removed, use <liquidjs>.toPromise instead
• evalValue won't support Context as second argument anymore.
• use operators instead of operatorsTrie as Tokenizer constructor argument, #500
• keys in <liquidjs>.filters are now in snake case (instead of camel case), identical to that in Liquid template.

v9.43.0

9.43.0 (2022-11-27)

Features

• support timezone offset argument for date filter, #553 (7a71485)

v9.42.1

9.42.1 (2022-10-21)

Bug Fixes

• truncatewords should use at least one word, #537 (32f613f)

v9.42.0

... (truncated)

Changelog

Sourced from liquidjs's changelog.

10.0.0 (2022-11-27)

Code Refactoring

• rename filters to snake style, #487 (ff112a4)
• _evalToken renamed to evalToken (4e1a30a)
• change ownPropertyOnly default value to true (7eb6216)
• delay creation of operatorsTrie and hide this implementation (bb58d3e)
• remove toThenable export (ffefd91)
• remove use of internal Context class in evalValue argument (b115077)

Performance Improvements

• target Node.js 14 for cjs bundle (main entry) (1f6ce7c)

BREAKING CHANGES

• evalToken now returns a generator (LiquidJS async), which is different from evalToken in previous LiquidJS versions.
• main entry need Node.js>=14 to run, you can build LiquidJS by your own by using ESM entry.
• ownPropertyOnly default value changed to true
• <liquidjs>.toThenable is removed, use <liquidjs>.toPromise instead
• evalValue won't support Context as second argument anymore.
• use operators instead of operatorsTrie as Tokenizer constructor argument, #500
• keys in <liquidjs>.filters are now in snake case (instead of camel case), identical to that in Liquid template.

9.43.0 (2022-11-27)

Features

• support timezone offset argument for date filter, #553 (7a71485)

9.42.1 (2022-10-21)

Bug Fixes

• truncatewords should use at least one word, #537 (32f613f)

9.42.0 (2022-08-27)

Features

• promise in expression & nested property, #533 #276 (bbf00f3)

9.41.0 (2022-08-24)

... (truncated)

Commits

• 9b9ef37 chore(release): 10.0.0 [skip ci]
• 5bbdc08 chore(deps): bump minimatch from 3.0.4 to 3.1.2
• 1380ac9 refactor: more consistent tags to make it easier to iterate over, #524
• 4e1a30a refactor: _evalToken renamed to evalToken
• 9299268 refactor: Tag class support in registerTag()
• 1f6ce7c perf: target Node.js 14 for cjs bundle (main entry)
• 7eb6216 refactor: change ownPropertyOnly default value to true
• ffefd91 refactor: remove toThenable export
• b115077 refactor: remove use of internal Context class in evalValue argument
• bb58d3e refactor: delay creation of operatorsTrie and hide this implementation
• Additional commits viewable in compare view

Updates next from 11.1.2 to 13.5.1

Commits

• 0c1c7f8 v13.5.1
• 9744285 v13.5.1-canary.1
• 44eba02 improve publish-release (#55597)
• c652dc8 v13.5.1-canary.0
• ffafad2 v13.5.0
• 4a589ed v13.4.20-canary.41
• deb81cf fix styled-jsx alias (#55581)
• 1a9b0f6 improve internal error logging (#55582)
• 0631549 Fix react packages are not bundled for metadata routes (#55579)
• bad5365 Update supported config options for Turbopack (#55556)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

Updates node-fetch from 3.1.1 to 3.2.10

Release notes

Sourced from node-fetch's releases.

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

• ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

• Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

• possibly flaky test (#1523) (11b7033)

v3.2.7

3.2.7 (2022-07-11)

Bug Fixes

• always warn Request.data (#1550) (4f43c9e)

v3.2.6

3.2.6 (2022-06-09)

Bug Fixes

• undefined reference to response.body when aborted (#1578) (1c5ed6b)

v3.2.5

3.2.5 (2022-06-01)

Bug Fixes

• use space in accept-encoding values (#1572) (a92b5d5), closes #1571

v3.2.4

3.2.4 (2022-04-28)

... (truncated)

Commits

• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• bcfb71c chore: remove triple-slash directives from typings (#1285) (#1287)
• 95165d5 fix spelling (#1602)
• 11b7033 fix: possibly flaky test (#1523)
• 4f43c9e fix: always warn Request.data (#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (#1578)
• a92b5d5 fix: use space in accept-encoding values (#1572)
• 0f122b8 docs: fix formdata code example (#1562)
• 6ae9c76 docs(readme): response.clone() is not async (#1560)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates semver from 7.3.5 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

7.3.8 (2022-10-04)

Bug Fixes

... (truncated)

Commits

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @​npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates @actions/core from 1.6.0 to 1.9.1

Changelog

Sourced from @​actions/core's changelog.

1.9.1

• Randomize delimiter when calling core.exportVariable

1.9.0

• Added toPosixPath, toWin32Path and toPlatformPath utilities #1102

1.8.2

• Update to v2.0.1 of @actions/http-client #1087

1.8.1

• Update to v2.0.0 of @actions/http-client

1.8.0

• Deprecate markdownSummary extension export in favor of summary
  • actions/toolkit#1072
  • actions/toolkit#1073

1.7.0

• Added markdownSummary extension

Commits

• See full diff in compare view

Updates async from 3.2.2 to 3.2.3

Changelog

Sourced from async's changelog.

v3.2.3

• Fix bugs in comment parsing in autoInject. (#1767, #1780)

Commits

• 62943ca Version 3.2.3
• d2c9d51 Update built files
• de8d4c4 Update changelog for v3.2.3
• b015d34 fix: address edge case in comment stripping (#1780)
• e27aaab chore: remove unused Travis CI config (#1781)
• a038c8f ci: setup GitHub Actions (#1782)
• e74bd18 Core: const, let, arrow-fn and unused variables (#1776)
• 2ee673f Housekeeping (#1772)
• cdfb491 Fix an inefficient regex in autoInject (#1767)
• bb41f2a be explicit (#1769)
• Additional commits viewable in compare view

Updates minimatch from 3.0.4 to 3.0.5

Commits

• 707e1b2 3.0.5
• a8763f4 Improve redos protection, add many tests
• bafa295 Use master branch for travis badge
• 013d64d update travis
• See full diff in compare view

Updates postcss from 8.3.11 to 8.4.14

Release notes

Sourced from postcss's releases.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by @​thecrypticace).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by @​mondeja).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by @​ybiquitous).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by @​43081j).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

8.4.3

• Fixed this.css.replace is not a function error.

8.4.2

• Fixed previous source map support in zero plugins mode.

8.4.1

• Fixed Stringifier types (by @​43081j).

8.4 “President Camio”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.14

• Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

• Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

• Fixed package.funding to have same value between all PostCSS packages.

8.4.11

• Fixed Declaration#raws.value type.

8.4.10

• Fixed package.funding URL format.

8.4.9

• Fixed package.funding (by Álvaro Mondéjar).

8.4.8

• Fixed end position in empty Custom Properties.

8.4.7

• Fixed Node#warn() type (by Masafumi Koba).
• Fixed comment removal in values after ,.

8.4.6

• Prevented comment removing when it change meaning of CSS.
• Fixed parsing space in last semicolon-less CSS Custom Properties.
• Fixed comment cleaning in CSS Custom Properties with space.
• Fixed throwing an error on .root access for plugin-less case.

8.4.5

• Fixed raws types to make object extendable (by James Garbutt).
• Moved from Yarn 1 to pnpm.

8.4.4

• Fixed absolute path in source map on zero plugins mode.

8.4.3

• Fixed this.css.replace is not a function error.

8.4.2

• Fixed previous source map support in zero plugins mode.

8.4.1

• Fixed Stringifier types (by James Garbutt).

8.4 “President Camio”

• Added ranges for errors and warnings (by Adaline Valentina Simonian).
• Added Stringifier types (by James Garbutt).

... (truncated)

Commits

• b7d1836 Release 8.4.14 version
• 57006b4 Update dependencies
• 2a97ab8 Merge pull request #1744 from zardoy/patch-1
• 6447b55 Merge pull request #1747 from ben-lau/main
• e36ed17 Update plugins.md
• 24f2efc Update depedencies
• 9bda624 Try to fix CI
• 7cd8e27 improve warnings count testing
• 2295e28 fix tests
• fc19f1b fix: print deprecation warning only when plugin is used
• Additional commits viewable in compare view

Updates @babel/traverse from 7.16.0 to 7.24.1

Release notes

Sourced from @​babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frame, babel-highlight
  • #16359 Replace chalk with picocolors (@​nicolo-ribaudo)
• babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow
  • #16352 Run Babel transform tests on old node if possible (@​JLHwung)
• babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx
  • #16349 Support merging imports in import injector (@​nicolo-ribaudo)
• Other
  • #16332 Test Babel 7 plugins compatibility with Babel 8 core (@​nicolo-ribaudo)

🔬 Output optimization

• babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime
  • #16345 Optimize the use of assertThisInitialized after super() (@​liuxingbaoyu)
  Description has been truncated

  Note
  Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Superseded by #152.