Commit 62d1c9f
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates (#413)
Bumps the npm_and_yarn group with 7 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
|
[fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser)
| `4.5.3` | `4.5.6` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` |
`2.3.2` |
| [serve-static](https://github.com/expressjs/serve-static) | `1.15.0` |
`1.16.3` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.1` |
`1.8.4` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |
| [yaml](https://github.com/eemeli/yaml) | `2.4.5` | `2.9.0` |
Updates `fast-xml-parser` from 4.5.3 to 4.5.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/releases">fast-xml-parser's
releases</a>.</em></p>
<blockquote>
<h2>Summary update on all the previous releases from v4.2.4</h2>
<ul>
<li>Multiple minor fixes provided in the validator and parser</li>
<li>v6 is added for experimental use.</li>
<li>ignoreAttributes support function, and array of string or regex</li>
<li>Add support for parsing HTML numeric entities</li>
<li>v5 of the application is ESM module now. However, JS is also
supported</li>
</ul>
<p><strong>Note</strong>: Release section in not updated frequently.
Please check <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md">CHANGELOG</a>
or <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/tags">Tags</a>
for latest release information.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28"><code>42fbb0b</code></a>
update release info</li>
<li><a
href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd"><code>805671c</code></a>
increase expansion limit as many system need it</li>
<li><a
href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5"><code>9a2cf09</code></a>
update version</li>
<li><a
href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221"><code>88d0936</code></a>
apply all fixes from v5</li>
<li><a
href="https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0"><code>d4eb6b4</code></a>
update release version</li>
<li>See full diff in <a
href="https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v4.5.6">compare
view</a></li>
</ul>
</details>
<br />
Updates `js-yaml` from 3.14.1 to 3.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[3.14.2] - 2025-11-15</h2>
<h3>Security</h3>
<ul>
<li>Backported v4.1.1 fix to v3</li>
</ul>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (<<)
operator.</li>
</ul>
<h2>[4.1.0] - 2021-04-15</h2>
<h3>Added</h3>
<ul>
<li>Types are now exported as <code>yaml.types.XXX</code>.</li>
<li>Every type now has <code>options</code> property with original
arguments kept as they were
(see <code>yaml.types.int.options</code> as an example).</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Schema.extend()</code> now keeps old type order in case of
conflicts
(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as
<code>abcd</code> instead of <code>cbad</code>).</li>
</ul>
<h2>[4.0.0] - 2021-01-03</h2>
<h3>Changed</h3>
<ul>
<li>Check migration guide in <a
href="https://github.com/nodeca/js-yaml/blob/master/docs">docs</a> for
details of all breaking changes.</li>
<li>Breaking: "unsafe" tags <code>!!js/function</code>,
<code>!!js/regexp</code>, <code>!!js/undefined</code> are
moved to <a
href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a>
package.</li>
<li>Breaking: removed <code>safe*</code> functions. Use
<code>load</code>, <code>loadAll</code>, <code>dump</code>
instead which are all now safe by default.</li>
<li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and
<code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use
<code>yaml.DEFAULT_SCHEMA</code> instead.</li>
<li><code>yaml.Schema.create(schema, tags)</code> is removed, use
<code>schema.extend(tags)</code> instead.</li>
<li><code>!!binary</code> now always mapped to <code>Uint8Array</code>
on load.</li>
<li>Reduced nesting of <code>/lib</code> folder.</li>
<li>Parse numbers according to YAML 1.2 instead of YAML 1.1
(<code>01234</code> is now decimal,
<code>0o1234</code> is octal, <code>1:23</code> is parsed as string
instead of base60).</li>
<li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>,
<code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li>
<li>Line and column in exceptions are now formatted as
<code>(X:Y)</code> instead of
<code>at line X, column Y</code> (also present in compact format), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li>
<li>Code snippet created in exceptions now contains multiple lines with
line numbers.</li>
<li><code>dump()</code> now serializes <code>undefined</code> as
<code>null</code> in collections and removes keys with
<code>undefined</code> in mappings, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li>
<li><code>dump()</code> with <code>skipInvalid=true</code> now
serializes invalid items in collections as null.</li>
<li>Custom tags starting with <code>!</code> are now dumped as
<code>!tag</code> instead of <code>!<!tag></code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li>
<li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now
shorthanded using <code>!!</code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Added <code>.mjs</code> (es modules) support.</li>
<li>Added <code>quotingType</code> and <code>forceQuotes</code> options
for dumper to configure
string literal style, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li>
<li>Added <code>styles: { '!!null': 'empty' }</code> option for
dumper</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0"><code>9963d36</code></a>
3.14.2 released</li>
<li><a
href="https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1"><code>10d3c8e</code></a>
dist rebuild</li>
<li><a
href="https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"><code>5278870</code></a>
fix prototype pollution in merge (<<) (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `picomatch` from 2.3.1 to 2.3.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/releases">picomatch's
releases</a>.</em></p>
<blockquote>
<h2>2.3.2</h2>
<p>This is a security release fixing several security relevant
issues.</p>
<h2>What's Changed</h2>
<ul>
<li>fix: exception when glob pattern contains constructor by <a
href="https://github.com/Jason3S"><code>@Jason3S</code></a> in <a
href="https://redirect.github.com/micromatch/picomatch/pull/144">micromatch/picomatch#144</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li>
<li>Fix for <a
href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md">picomatch's
changelog</a>.</em></p>
<blockquote>
<h1>Release history</h1>
<p><strong>All notable changes to this project will be documented in
this file.</strong></p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<!-- raw HTML omitted -->
<ul>
<li>Changelogs are for humans, not machines.</li>
<li>There should be an entry for every single version.</li>
<li>The same types of changes should be grouped.</li>
<li>Versions and sections should be linkable.</li>
<li>The latest version comes first.</li>
<li>The release date of each versions is displayed.</li>
<li>Mention whether you follow Semantic Versioning.</li>
</ul>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
<p>Changelog entries are classified using the following labels <em>(from
<a href="http://keepachangelog.com/">keep-a-changelog</a></em>):</p>
<ul>
<li><code>Added</code> for new features.</li>
<li><code>Changed</code> for changes in existing functionality.</li>
<li><code>Deprecated</code> for soon-to-be removed features.</li>
<li><code>Removed</code> for now removed features.</li>
<li><code>Fixed</code> for any bug fixes.</li>
<li><code>Security</code> in case of vulnerabilities.</li>
</ul>
<!-- raw HTML omitted -->
<h2>4.0.0 (2024-02-07)</h2>
<h3>Fixes</h3>
<ul>
<li>Fix bad text values in parse <a
href="https://redirect.github.com/micromatch/picomatch/issues/126">#126</a>,
thanks to <a
href="https://github.com/connor4312"><code>@connor4312</code></a></li>
</ul>
<h3>Changed</h3>
<ul>
<li>Remove process global to work outside of node <a
href="https://redirect.github.com/micromatch/picomatch/issues/129">#129</a>,
thanks to <a
href="https://github.com/styfle"><code>@styfle</code></a></li>
<li>Add sideEffects to package.json <a
href="https://redirect.github.com/micromatch/picomatch/issues/128">#128</a>,
thanks to <a
href="https://github.com/frandiox"><code>@frandiox</code></a></li>
<li>Removed <code>os</code>, make compatible browser environment. See <a
href="https://redirect.github.com/micromatch/picomatch/issues/124">#124</a>,
thanks to <a
href="https://github.com/gwsbhqt"><code>@gwsbhqt</code></a></li>
</ul>
<h2>3.0.1</h2>
<h3>Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2"><code>81cba8d</code></a>
Publish 2.3.2</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce"><code>fc1f6b6</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b"><code>eec17ae</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed"><code>78f8ca4</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/156">#156</a>
from micromatch/backport-144</li>
<li><a
href="https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b"><code>3f4f10e</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/picomatch/issues/144">#144</a>
from Jason3S/jdent-object-properties</li>
<li>See full diff in <a
href="https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `serve-static` from 1.15.0 to 1.16.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/serve-static/releases">serve-static's
releases</a>.</em></p>
<blockquote>
<h2>v1.16.3</h2>
<h2>What's Changed</h2>
<ul>
<li>deps: send@~0.19.1 by <a
href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/serve-static/pull/227">expressjs/serve-static#227</a></li>
<li>Release: 1.16.3 by <a
href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/serve-static/pull/229">expressjs/serve-static#229</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3">https://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3</a></p>
<h2>v1.16.2</h2>
<h2>What's Changed</h2>
<ul>
<li>encodeurl@~2.0.0 by <a
href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/serve-static/pull/180">expressjs/serve-static#180</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2">https://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2</a></p>
<h2>v1.16.1</h2>
<h2>What's Changed</h2>
<ul>
<li>bump send to 0.19 by <a
href="https://github.com/tommasini"><code>@tommasini</code></a> in <a
href="https://redirect.github.com/expressjs/serve-static/pull/176">expressjs/serve-static#176</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/tommasini"><code>@tommasini</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/serve-static/pull/176">expressjs/serve-static#176</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1">https://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1</a></p>
<h2>1.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove link renderization in html while redirecting (<a
href="https://redirect.github.com/expressjs/serve-static/pull/173">expressjs/serve-static#173</a>)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/serve-static/pull/173">expressjs/serve-static#173</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0">https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/serve-static/blob/master/HISTORY.md">serve-static's
changelog</a>.</em></p>
<blockquote>
<h1>1.16.3 / 2024-12-15</h1>
<ul>
<li>deps: send@~0.19.1
<ul>
<li>deps: encodeurl@~2.0.0</li>
</ul>
</li>
</ul>
<h1>1.16.2 / 2024-09-11</h1>
<ul>
<li>deps: encodeurl@~2.0.0</li>
</ul>
<h1>1.16.1 / 2024-09-11</h1>
<ul>
<li>deps: send@0.19.0</li>
</ul>
<h1>1.16.0 / 2024-09-10</h1>
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/serve-static/commit/9acad22498aa5f95b6e887eae1ab9eae63657d8a"><code>9acad22</code></a>
1.16.3 (<a
href="https://redirect.github.com/expressjs/serve-static/issues/229">#229</a>)</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/52dc97d9d3a0269266d005b79eeac295d0a5a895"><code>52dc97d</code></a>
deps: send@~0.19.1 and upgrade Node.js versions on the CI (<a
href="https://redirect.github.com/expressjs/serve-static/issues/227">#227</a>)</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/ec9c5ecfb09368519e4698ffbbe1882de00d0ef2"><code>ec9c5ec</code></a>
1.16.2</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/f454d37c68fdad04b582cb9ac0cd165ab6d19114"><code>f454d37</code></a>
fix(deps): encodeurl@~2.0.0</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/77a8255688cc4affc70e6dc9aa02e3ced4957e77"><code>77a8255</code></a>
1.16.1</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/4263f496876980c165a3104d087c1ebaa046ad3d"><code>4263f49</code></a>
fix(deps): send@0.19.0</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/48c73970b129b96cba448e792576ad89b1f9fbed"><code>48c7397</code></a>
1.16.0</li>
<li><a
href="https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"><code>0c11fad</code></a>
Merge commit from fork</li>
<li>See full diff in <a
href="https://github.com/expressjs/serve-static/compare/v1.15.0...v1.16.3">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new
releaser for serve-static since your current version.</p>
</details>
<br />
Updates `shell-quote` from 1.8.1 to 1.8.4
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md">shell-quote's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/ljharb/shell-quote/compare/v1.8.3...v1.8.4">v1.8.4</a>
- 2026-05-22</h2>
<h3>Commits</h3>
<ul>
<li>[Fix] <code>quote</code>: validate object-token shapes <a
href="https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d"><code>4378a6e</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>eslint</code>, <code>npmignore</code>
<a
href="https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6"><code>22ebec0</code></a></li>
<li>[Tests] increase coverage <a
href="https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d"><code>9f3caa3</code></a></li>
<li>[readme] replace runkit CI badge with shields.io check-runs badge <a
href="https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0"><code>3344a04</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a
href="https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4"><code>699c511</code></a></li>
</ul>
<h2><a
href="https://github.com/ljharb/shell-quote/compare/v1.8.2...v1.8.3">v1.8.3</a>
- 2025-06-01</h2>
<h3>Fixed</h3>
<ul>
<li>[Fix] remove unnecessary backslash escaping in single quotes <a
href="https://redirect.github.com/ljharb/shell-quote/issues/15"><code>[#15](https://github.com/ljharb/shell-quote/issues/15)</code></a></li>
</ul>
<h2><a
href="https://github.com/ljharb/shell-quote/compare/v1.8.1...v1.8.2">v1.8.2</a>
- 2024-11-27</h2>
<h3>Fixed</h3>
<ul>
<li>[Fix] <code>quote</code>: preserve empty strings <a
href="https://redirect.github.com/ljharb/shell-quote/issues/18"><code>[#18](https://github.com/ljharb/shell-quote/issues/18)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[meta] fix changelog tags <a
href="https://github.com/ljharb/shell-quote/commit/0fb9fd8441aa06f7de995e90ce85bd9e758f5f05"><code>0fb9fd8</code></a></li>
<li>[actions] split out node 10-20, and 20+ <a
href="https://github.com/ljharb/shell-quote/commit/819bd842e0b01f3e5041834ab82bad299851de08"><code>819bd84</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>npmignore</code>, <code>tape</code>
<a
href="https://github.com/ljharb/shell-quote/commit/fc564086c83317363908b55f6c744ad35983ccca"><code>fc56408</code></a></li>
<li>[actions] update npm for windows tests <a
href="https://github.com/ljharb/shell-quote/commit/fdeb0fd102ecdd4ff227a978532598c462312347"><code>fdeb0fd</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>aud</code>, <code>tape</code> <a
href="https://github.com/ljharb/shell-quote/commit/b8a4a3b3f5ae3ca8ae86b89ed0030e4e3358ef3c"><code>b8a4a3b</code></a></li>
<li>[actions] prevent node 14 on ARM mac from failing <a
href="https://github.com/ljharb/shell-quote/commit/9eecafc0486c9321be223415cf3fb76a5bd07dda"><code>9eecafc</code></a></li>
<li>[meta] exclude more files from the package <a
href="https://github.com/ljharb/shell-quote/commit/4044e7fad4a45e696602060b69b31a95702bee28"><code>4044e7f</code></a></li>
<li>[Tests] replace <code>aud</code> with <code>npm audit</code> <a
href="https://github.com/ljharb/shell-quote/commit/8cfdbd8ec30e653f9f99348e59117ed4a789e1ba"><code>8cfdbd8</code></a></li>
<li>[meta] add missing <code>engines.node</code> <a
href="https://github.com/ljharb/shell-quote/commit/843820e1a46cebcf10d8e48c4d82d0ab5a7b0194"><code>843820e</code></a></li>
<li>[Dev Deps] add missing peer dep <a
href="https://github.com/ljharb/shell-quote/commit/4c3b88d7925d29e9cc1ac76ccde05f4e714ede96"><code>4c3b88d</code></a></li>
<li>[Dev Deps] pin <code>jackspeak</code> since 2.1.2+ depends on npm
aliases, which kill the install process in npm < 6 <a
href="https://github.com/ljharb/shell-quote/commit/80322ed5914a5922d9507946490fbabcc96e624b"><code>80322ed</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ljharb/shell-quote/commit/ff166e2b63eb5f932bd131a8886a99e9afdf45ae"><code>ff166e2</code></a>
v1.8.4</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/4378a6e613db5948168684864e49b42b83134d2d"><code>4378a6e</code></a>
[Fix] <code>quote</code>: validate object-token shapes</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/22ebec04349065a45ad8afc8cc8d53c4624634a6"><code>22ebec0</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code>,
<code>auto-changelog</code>, <code>eslint</code>, `npmig...</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/9f3caa31900cc6ee64858b31134144c648ce206d"><code>9f3caa3</code></a>
[Tests] increase coverage</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/3344a047dd1e95f71c4ca27522cbfd05c56277e0"><code>3344a04</code></a>
[readme] replace runkit CI badge with shields.io check-runs badge</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/699c5113d135f4d4591574bebf173334ffa453d4"><code>699c511</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/487a9b41a7b6154d2a9c10bdffe65cf74d2c3ded"><code>487a9b4</code></a>
v1.8.3</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/01faafff9727bf2b72ede0e7cb291bdd8438a8df"><code>01faaff</code></a>
[Fix] remove unnecessary backslash escaping in single quotes</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/b19fc77e66871eee10a9978d54c27d802a1da99b"><code>b19fc77</code></a>
v1.8.2</li>
<li><a
href="https://github.com/ljharb/shell-quote/commit/59d29ea6941335258ceb75bab95d045886650436"><code>59d29ea</code></a>
[Fix] <code>quote</code>: preserve empty strings</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/shell-quote/compare/v1.8.1...v1.8.4">compare
view</a></li>
</ul>
</details>
<br />
Updates `tmp` from 0.2.5 to 0.2.7
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211"><code>8ea1f37</code></a>
Bump up the version</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153"><code>8f24f78</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c"><code>ce787f3</code></a>
Reject non-string prefix, postfix, template</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980"><code>41f7159</code></a>
Bump up the version</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429"><code>efa4a06</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf"><code>7ef2728</code></a>
Check for relative values</li>
<li>See full diff in <a
href="https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7">compare
view</a></li>
</ul>
</details>
<br />
Updates `yaml` from 2.4.5 to 2.9.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/eemeli/yaml/releases">yaml's
releases</a>.</em></p>
<blockquote>
<h2>v2.9.0</h2>
<p>The changes here are really only patches, but I'm releasing this as a
minor version to note a small change to the documentation of
<code>parseDocument()</code> and <code>parseAllDocuments()</code>: I've
removed the claim that they'll "never throw".</p>
<p>It remains the case that practically all non-malicious inputs will be
handled without emitting an error, but there is a decent chance that
code paths remain where e.g. a RangeError due to call stack exhaustion
can be triggered by malicious inputs. Up to now, I've considered these
as security vulnerabilities, and in fact it's the only category of error
for which <code>yaml</code> CVEs have been issued so far.</p>
<p>Starting from this release, I'll be considering such errors as bugs,
but not vulnerabilities. I do welcome people and/or LLMs looking for
them, but please report them as normal issues rather than suspected
security vulnerabilities. This also applies to previously undiscovered
bugs in earlier releases.</p>
<ul>
<li>fix: Avoid calling <code>Array.prototype.push.apply()</code> with
large source array</li>
<li>fix(lexer): Avoid recursive calls that may exhaust the call
stack</li>
</ul>
<h2>v2.8.4</h2>
<ul>
<li>Disable alias resolution with <code>maxAliasCount:0</code> (<a
href="https://redirect.github.com/eemeli/yaml/issues/677">#677</a>)</li>
<li>Handle invalid unicode escapes (e1a1a77)</li>
<li>Apply <code>minFractionDigits</code> only to decimal strings (<a
href="https://redirect.github.com/eemeli/yaml/issues/676">#676</a>)</li>
</ul>
<h2>v2.8.3</h2>
<ul>
<li>Add <code>trailingComma</code> ToString option for multiline flow
formatting (<a
href="https://redirect.github.com/eemeli/yaml/issues/670">#670</a>)</li>
<li>Catch stack overflow during node composition (1e84ebb)</li>
</ul>
<h2>v2.8.2</h2>
<ul>
<li>Serialize -0 as -0 (<a
href="https://redirect.github.com/eemeli/yaml/issues/638">#638</a>)</li>
<li>Do not double newlines for empty map values (<a
href="https://redirect.github.com/eemeli/yaml/issues/642">#642</a>)</li>
</ul>
<h2>v2.8.1</h2>
<ul>
<li>Preserve empty block literals (<a
href="https://redirect.github.com/eemeli/yaml/issues/634">#634</a>)</li>
</ul>
<h2>v2.8.0</h2>
<ul>
<li>Add node cache for faster alias resolution (<a
href="https://redirect.github.com/eemeli/yaml/issues/612">#612</a>)</li>
<li>Re-introduce compatibility with Node.js 14.6 (<a
href="https://redirect.github.com/eemeli/yaml/issues/614">#614</a>)</li>
<li>Add <code>--merge</code> option to CLI tool (<a
href="https://redirect.github.com/eemeli/yaml/issues/611">#611</a>)</li>
<li>Improve error for tag resolution error on null value (<a
href="https://redirect.github.com/eemeli/yaml/issues/616">#616</a>)</li>
<li>Allow empty string as plain scalar representation, for failsafe
schema (<a
href="https://redirect.github.com/eemeli/yaml/issues/616">#616</a>)</li>
<li>docs: include cli example (<a
href="https://redirect.github.com/eemeli/yaml/issues/617">#617</a>)</li>
</ul>
<h2>v2.7.1</h2>
<ul>
<li>Do not allow seq with single-line collection value on same line with
map key (<a
href="https://redirect.github.com/eemeli/yaml/issues/603">#603</a>)</li>
<li>Improve warning & avoid TypeError on bad YAML 1.1 nodes (<a
href="https://redirect.github.com/eemeli/yaml/issues/610">#610</a>)</li>
</ul>
<h2>v2.7.0</h2>
<p>The library is now available on JSR as <a
href="https://jsr.io/@eemeli/yaml">@eemeli/yaml</a> and on deno.land/x
as <a href="https://deno.land/x/yaml">yaml</a>. In addition to Node.js
and browsers, it should work in Deno, Bun, and Cloudflare Workers.</p>
<ul>
<li>Use .ts extension in all relative imports (<a
href="https://redirect.github.com/eemeli/yaml/issues/591">#591</a>)</li>
<li>Ignore newline after block seq indicator as space before value (<a
href="https://redirect.github.com/eemeli/yaml/issues/590">#590</a>)</li>
<li>Require Node.js 14.18 or later (was 14.6) (<a
href="https://redirect.github.com/eemeli/yaml/issues/598">#598</a>)</li>
</ul>
<h2>v2.6.1</h2>
<ul>
<li>Do not strip <code>:00</code> seconds from <code>!!timestamp</code>
values (<a
href="https://redirect.github.com/eemeli/yaml/issues/578">#578</a>, with
thanks to <a
href="https://github.com/qraynaud"><code>@qraynaud</code></a>)</li>
<li>Tighten regexp for JSON <code>!!bool</code> (<a
href="https://redirect.github.com/eemeli/yaml/issues/587">#587</a>, with
thanks to <a
href="https://github.com/vra5107"><code>@vra5107</code></a>)</li>
<li>Default to literal block scalar if folded would overflow (<a
href="https://redirect.github.com/eemeli/yaml/issues/585">#585</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d"><code>ddb21b0</code></a>
2.9.0</li>
<li><a
href="https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75"><code>167365b</code></a>
docs: Clarify that not all errors can be avoided</li>
<li><a
href="https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06"><code>6eca2a7</code></a>
fix: Avoid calling Array.prototype.push.apply() with large source
array</li>
<li><a
href="https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8"><code>0543cd5</code></a>
fix(lexer): Avoid recursive calls that may exhaust the call stack</li>
<li><a
href="https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1"><code>ccdf743</code></a>
2.8.4</li>
<li><a
href="https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41"><code>f625789</code></a>
fix: Disable alias resolution with maxAliasCount:0 (<a
href="https://redirect.github.com/eemeli/yaml/issues/677">#677</a>)</li>
<li><a
href="https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d"><code>e1a1a77</code></a>
fix: Handle invalid unicode escapes</li>
<li><a
href="https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe"><code>a163ea0</code></a>
style: Satify Prettier</li>
<li><a
href="https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425"><code>b2a5a6c</code></a>
fix: Apply minFractionDigits only to decimal strings (<a
href="https://redirect.github.com/eemeli/yaml/issues/676">#676</a>)</li>
<li><a
href="https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f"><code>93c951b</code></a>
chore: Bump JSR version to v2.8.3 (<a
href="https://redirect.github.com/eemeli/yaml/issues/673">#673</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/eemeli/yaml/compare/v2.4.5...v2.9.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/livekit/client-sdk-react-native/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent bc1abff commit 62d1c9f
1 file changed
Lines changed: 59 additions & 127 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
6422 | 6422 | | |
6423 | 6423 | | |
6424 | 6424 | | |
6425 | | - | |
| 6425 | + | |
6426 | 6426 | | |
6427 | 6427 | | |
6428 | 6428 | | |
| |||
7281 | 7281 | | |
7282 | 7282 | | |
7283 | 7283 | | |
7284 | | - | |
7285 | | - | |
| 7284 | + | |
| 7285 | + | |
7286 | 7286 | | |
7287 | | - | |
| 7287 | + | |
7288 | 7288 | | |
7289 | 7289 | | |
7290 | | - | |
| 7290 | + | |
7291 | 7291 | | |
7292 | 7292 | | |
7293 | 7293 | | |
| |||
7460 | 7460 | | |
7461 | 7461 | | |
7462 | 7462 | | |
7463 | | - | |
| 7463 | + | |
7464 | 7464 | | |
7465 | 7465 | | |
7466 | 7466 | | |
| |||
7964 | 7964 | | |
7965 | 7965 | | |
7966 | 7966 | | |
| 7967 | + | |
| 7968 | + | |
| 7969 | + | |
| 7970 | + | |
| 7971 | + | |
| 7972 | + | |
| 7973 | + | |
| 7974 | + | |
| 7975 | + | |
| 7976 | + | |
| 7977 | + | |
| 7978 | + | |
| 7979 | + | |
7967 | 7980 | | |
7968 | 7981 | | |
7969 | 7982 | | |
| |||
8103 | 8116 | | |
8104 | 8117 | | |
8105 | 8118 | | |
8106 | | - | |
| 8119 | + | |
8107 | 8120 | | |
8108 | 8121 | | |
8109 | 8122 | | |
| |||
9263 | 9276 | | |
9264 | 9277 | | |
9265 | 9278 | | |
9266 | | - | |
9267 | | - | |
9268 | | - | |
9269 | | - | |
9270 | | - | |
9271 | | - | |
9272 | | - | |
9273 | | - | |
9274 | | - | |
9275 | | - | |
9276 | | - | |
9277 | | - | |
9278 | | - | |
| 9279 | + | |
9279 | 9280 | | |
9280 | 9281 | | |
9281 | 9282 | | |
| |||
9287 | 9288 | | |
9288 | 9289 | | |
9289 | 9290 | | |
9290 | | - | |
9291 | | - | |
9292 | | - | |
9293 | | - | |
9294 | | - | |
9295 | | - | |
9296 | | - | |
9297 | | - | |
9298 | | - | |
9299 | | - | |
9300 | | - | |
9301 | | - | |
| 9291 | + | |
9302 | 9292 | | |
9303 | 9293 | | |
9304 | 9294 | | |
| |||
10677 | 10667 | | |
10678 | 10668 | | |
10679 | 10669 | | |
10680 | | - | |
| 10670 | + | |
10681 | 10671 | | |
10682 | 10672 | | |
10683 | 10673 | | |
| |||
10989 | 10979 | | |
10990 | 10980 | | |
10991 | 10981 | | |
10992 | | - | |
10993 | | - | |
10994 | | - | |
| 10982 | + | |
| 10983 | + | |
| 10984 | + | |
10995 | 10985 | | |
10996 | 10986 | | |
10997 | 10987 | | |
10998 | | - | |
10999 | | - | |
11000 | | - | |
11001 | | - | |
11002 | | - | |
11003 | | - | |
11004 | | - | |
11005 | | - | |
| 10988 | + | |
11006 | 10989 | | |
11007 | 10990 | | |
11008 | 10991 | | |
| |||
11970 | 11953 | | |
11971 | 11954 | | |
11972 | 11955 | | |
11973 | | - | |
11974 | | - | |
11975 | | - | |
11976 | | - | |
11977 | | - | |
11978 | | - | |
11979 | | - | |
11980 | | - | |
11981 | | - | |
11982 | | - | |
11983 | | - | |
11984 | | - | |
11985 | | - | |
11986 | | - | |
11987 | | - | |
11988 | | - | |
11989 | | - | |
11990 | | - | |
11991 | | - | |
11992 | | - | |
11993 | | - | |
11994 | | - | |
11995 | | - | |
11996 | | - | |
| 11956 | + | |
| 11957 | + | |
| 11958 | + | |
11997 | 11959 | | |
11998 | 11960 | | |
11999 | 11961 | | |
12000 | 11962 | | |
12001 | | - | |
| 11963 | + | |
12002 | 11964 | | |
12003 | 11965 | | |
12004 | | - | |
12005 | | - | |
| 11966 | + | |
| 11967 | + | |
12006 | 11968 | | |
12007 | 11969 | | |
12008 | | - | |
| 11970 | + | |
12009 | 11971 | | |
12010 | | - | |
12011 | | - | |
| 11972 | + | |
| 11973 | + | |
12012 | 11974 | | |
12013 | 11975 | | |
12014 | 11976 | | |
| |||
12019 | 11981 | | |
12020 | 11982 | | |
12021 | 11983 | | |
12022 | | - | |
12023 | | - | |
12024 | | - | |
12025 | | - | |
12026 | | - | |
12027 | | - | |
12028 | | - | |
12029 | | - | |
12030 | | - | |
12031 | | - | |
12032 | | - | |
12033 | | - | |
12034 | | - | |
12035 | | - | |
12036 | | - | |
| 11984 | + | |
| 11985 | + | |
| 11986 | + | |
12037 | 11987 | | |
12038 | 11988 | | |
12039 | 11989 | | |
12040 | 11990 | | |
12041 | | - | |
12042 | | - | |
| 11991 | + | |
| 11992 | + | |
12043 | 11993 | | |
12044 | 11994 | | |
12045 | 11995 | | |
| |||
12076 | 12026 | | |
12077 | 12027 | | |
12078 | 12028 | | |
12079 | | - | |
| 12029 | + | |
12080 | 12030 | | |
12081 | 12031 | | |
12082 | 12032 | | |
| |||
12099 | 12049 | | |
12100 | 12050 | | |
12101 | 12051 | | |
12102 | | - | |
12103 | | - | |
12104 | | - | |
12105 | | - | |
12106 | | - | |
12107 | | - | |
12108 | | - | |
12109 | | - | |
12110 | | - | |
12111 | | - | |
12112 | | - | |
| 12052 | + | |
| 12053 | + | |
| 12054 | + | |
| 12055 | + | |
12113 | 12056 | | |
12114 | 12057 | | |
12115 | 12058 | | |
| |||
12277 | 12220 | | |
12278 | 12221 | | |
12279 | 12222 | | |
| 12223 | + | |
| 12224 | + | |
| 12225 | + | |
| 12226 | + | |
| 12227 | + | |
| 12228 | + | |
| 12229 | + | |
12280 | 12230 | | |
12281 | 12231 | | |
12282 | 12232 | | |
| |||
12450 | 12400 | | |
12451 | 12401 | | |
12452 | 12402 | | |
12453 | | - | |
| 12403 | + | |
12454 | 12404 | | |
12455 | 12405 | | |
12456 | 12406 | | |
| |||
12572 | 12522 | | |
12573 | 12523 | | |
12574 | 12524 | | |
12575 | | - | |
12576 | | - | |
12577 | | - | |
| 12525 | + | |
| 12526 | + | |
| 12527 | + | |
12578 | 12528 | | |
12579 | 12529 | | |
12580 | 12530 | | |
| |||
12601 | 12551 | | |
12602 | 12552 | | |
12603 | 12553 | | |
12604 | | - | |
| 12554 | + | |
12605 | 12555 | | |
12606 | 12556 | | |
12607 | 12557 | | |
| |||
13349 | 13299 | | |
13350 | 13300 | | |
13351 | 13301 | | |
13352 | | - | |
13353 | | - | |
13354 | | - | |
13355 | | - | |
13356 | | - | |
13357 | | - | |
13358 | | - | |
13359 | | - | |
13360 | | - | |
13361 | | - | |
13362 | | - | |
13363 | | - | |
13364 | | - | |
13365 | | - | |
13366 | | - | |
13367 | | - | |
13368 | | - | |
13369 | | - | |
13370 | | - | |
| 13302 | + | |
13371 | 13303 | | |
13372 | 13304 | | |
13373 | 13305 | | |
| |||
0 commit comments