Bump the npm_and_yarn group across 1 directory with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
gh-pages	2.2.0	5.0.0
node-sass	6.0.1	7.0.0
ajv	6.10.1	6.12.6
browserify-sign	4.2.1	4.2.3
decode-uri-component	0.2.0	0.2.2
eventsource	1.1.0	1.1.2
express	4.17.2	4.19.2
follow-redirects	1.14.8	1.15.6
qs	6.5.2	6.5.3
tar	6.1.11	6.2.1
terser	4.8.0	4.8.1
underscore	1.9.1	1.13.6
url-parse	1.5.4	1.5.10
ws	6.2.2	6.2.3
y18n	3.2.1	3.2.2

Updates gh-pages from 2.2.0 to 5.0.0

Release notes

Sourced from gh-pages's releases.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

What's Changed

• Assorted updates by @​tschaub in tschaub/gh-pages#452
• Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. by @​Nezteb in tschaub/gh-pages#445
• Bump actions/checkout from 2 to 3 by @​dependabot in tschaub/gh-pages#453
• Bump actions/setup-node from 1 to 3 by @​dependabot in tschaub/gh-pages#455
• Bump email-addresses from 3.0.1 to 5.0.0 by @​dependabot in tschaub/gh-pages#454
• Bump async from 2.6.4 to 3.2.4 by @​dependabot in tschaub/gh-pages#459
• Remove quotation marks by @​Vicropht in tschaub/gh-pages#438

New Contributors

• @​Nezteb made their first contribution in tschaub/gh-pages#445
• @​Vicropht made their first contribution in tschaub/gh-pages#438

Full Changelog: tschaub/gh-pages@v4.0.0...v5.0.0

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

What's Changed

• Bump minimist from 1.2.5 to 1.2.6 by @​dependabot in tschaub/gh-pages#423
• Bump async from 2.6.1 to 2.6.4 by @​dependabot in tschaub/gh-pages#427
• Bump path-parse from 1.0.6 to 1.0.7 by @​dependabot in tschaub/gh-pages#431
• Bump ansi-regex from 3.0.0 to 3.0.1 by @​dependabot in tschaub/gh-pages#430
• Updated dev dependencies and formatting by @​tschaub in tschaub/gh-pages#432

Full Changelog: tschaub/gh-pages@v3.2.3...v4.0.0

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.0.0

Breaking changes:

None really. But tests are no longer run on Node < 10. Development dependencies were updated to address security warnings, and this meant tests could no longer be run on Node 6 or 8. If you still use these Node versions, you may still be able to use this library, but be warned that tests are no longer run on these versions.

All changes:

• #357 - Dev dependency updates (@​tschaub)
• #333 - Update readme with command line options (@​Victoire44)
• #356 - Test as a GitHub action (@​tschaub)
• #355 - feat(beforeAdd): allow custom script before git add (@​Xiphe)
• #336 - Fix remove not working properly (@​sunghwan2789)
• #328 - Update .travis.yml (@​XhmikosR)

... (truncated)

Changelog

Sourced from gh-pages's changelog.

v5.0.0

Potentially breaking change: the publish method now always returns a promise. Previously, it did not return a promise in some error cases. This should not impact most users.

Updates to the development dependencies required a minimum Node version of 14 for the tests. The library should still work on Node 12, but tests are no longer run in CI for version 12. A future major version of the library may drop support for version 12 altogether.

• #438 - Remove quotation marks (@​Vicropht)
• #459 - Bump async from 2.6.4 to 3.2.4 (@​tschaub)
• #454 - Bump email-addresses from 3.0.1 to 5.0.0 (@​tschaub)
• #455 - Bump actions/setup-node from 1 to 3 (@​tschaub)
• #453 - Bump actions/checkout from 2 to 3 (@​tschaub)
• #445 - Update README to clarify project site configuration requirements with tools like CRA, webpack, Vite, etc. (@​Nezteb)
• #452 - Assorted updates (@​tschaub)

v4.0.0

This release doesn't include any breaking changes, but due to updated development dependencies, tests are no longer run on Node 10.

• #432 - Updated dev dependencies and formatting (@​tschaub)
• #430 - Bump ansi-regex from 3.0.0 to 3.0.1 (@​tschaub)
• #431 - Bump path-parse from 1.0.6 to 1.0.7 (@​tschaub)
• #427 - Bump async from 2.6.1 to 2.6.4 (@​tschaub)
• #423 - Bump minimist from 1.2.5 to 1.2.6 (@​tschaub)

v3.2.3

• #398 - Update glob-parent (@​tschaub)
• #395 - Switch from filenamify-url to filenamify (@​tw0517tw)

v3.2.2

• #396 - Revert "security(deps): bump filenamify-url to 2.1.1" (@​tschaub)

v3.2.1

• #393 - security(deps): bump filenamify-url to 2.1.1 (@​AviVahl)

v3.2.0

This release updates a few development dependencies and adds a bit of documentation.

• #391 - Update dev dependencies (@​tschaub)
• #375 - Add note about domain problem (@​demee)
• #390 - Fix little typo in the README (@​cizordj)
• #388 - Bump hosted-git-info from 2.8.8 to 2.8.9 (@​tschaub)
• #387 - Bump y18n from 4.0.0 to 4.0.3 (@​tschaub)
• #378 - Add GitHub Actions tips to readme.md (@​mickelsonmichael)
• #386 - Bump lodash from 4.17.14 to 4.17.21 (@​tschaub)

... (truncated)

Commits

• f729b97 5.0.0
• 51534c7 Log changes
• ace063b Merge pull request #438 from Vicropht/patch-1
• 58e54be Merge pull request #459 from tschaub/dependabot/npm_and_yarn/async-3.2.4
• 2189df3 Bump async from 2.6.4 to 3.2.4
• 051846e Merge pull request #454 from tschaub/dependabot/npm_and_yarn/email-addresses-...
• 5c91c67 Merge pull request #455 from tschaub/dependabot/github_actions/actions/setup-...
• fe0ad83 Merge pull request #453 from tschaub/dependabot/github_actions/actions/checko...
• b89287d Merge pull request #445 from Nezteb/patch-1
• e890bd1 Bump email-addresses from 3.0.1 to 5.0.0
• Additional commits viewable in compare view

Updates node-sass from 6.0.1 to 7.0.0

Release notes

Sourced from node-sass's releases.

v7.0.0

Breaking changes

• Drop support for Node 15 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 17 (@​nschonni)

Dependencies

• Bump eslint from 7.32.0 to 8.0.0 (@​nschonni, #3191)
• Bump fs-extra from 0.30.0 to 10.0.0 (@​nschonni, #3102)
• Bump npmlog from 4.1.2 to 5.0.0 (@​nschonni, #3156)
• Bump chalk from 1.1.3 to 4.1.2 (@​nschonni, #3161)

Community

• Remove double word "support" from documentation (@​pzrq, #3159)

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 16, 17
OSX	x64	12, 14, 16, 17
Linux*	x64	12, 14, 16, 17
Alpine Linux	x64	12, 14, 16, 17
FreeBSD	i386 amd64	12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

Commits

• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• Additional commits viewable in compare view

Updates ajv from 6.10.1 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates eventsource from 1.1.0 to 1.1.2

Changelog

Sourced from eventsource's changelog.

1.1.2

• Inline origin resolution, drops original dependency (#281 Espen Hovlandsdal)

1.1.1

• Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

Commits

• 0a8b85b 1.1.2
• f99ae66 docs: update history for 1.1.2
• 06c9721 chore: rebuild polyfill
• 9494642 fix: inline origin resolution, drop original dependency (#281)
• aa7a408 1.1.1
• 56d489e chore: rebuild polyfill
• 4a951e5 docs: update history for 1.1.1
• f9f6416 fix: strip sensitive headers on redirect to different origin
• See full diff in compare view

Updates express from 4.17.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.14.8 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates request from 2.88.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

Commits

• See full diff in compare view

Updates tar from 6.1.11 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

6.1

• remove dead link to benchmarks (#313) (@​yetzt)
• add examples/explanation of using tar.t (@​isaacs)
• ensure close event is emited after stream has ended (@​webark)

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Updates terser from 4.8.0 to 4.8.1

Changelog

Sourced from terser's changelog.

v4.8.1 (backport)

• Security fix for RegExps that should not be evaluated (regexp DDOS)

Commits

• 40674a4 update changelog, version
• d8cc569 backport fix to potential regexp DDOS
• See full diff in compare view

Updates tough-cookie from 2.4.3 to 2.5.0

Commits

• 7c1fdf1 2.5.0
• 9ff4ba5 Qualify the store.removeAllCookies documentation
• 1855bf3 Additional documentation for removeAllCookies
• 5cc9bd2 Extract tests, cover multiple error path
• 28f0808 Only call removeAllCookies if actually implemented
• 62802ef remove all cookies from cookie jar at once (#115)
• 8783d46 Remove left-over mention of MPL from README
• 8302ebc Merge pull request #121 from salesforce/punycode-2.1
• d6ea115 Merge pull request #120 from salesforce/no-package-lock
• b897b49 Merge pull request #119 from salesforce/inline-version
• Additional commits viewable in compare view

Updates underscore from 1.9.1 to 1.13.6

Commits

• bd2d35c Merge remote-tracking branch 'upstream/master'
• 2e7c0f2 Update generated files, tag 1.13.6 release
• 732cafe Underscore 1.13.6
• e8f86fb Add changelog entry for versioin 1.13.6
• 43e827a Bump the version to 1.13.6 (hotfix)
• 1c1d1a2 Remove patch-package postinstall script
• 4eb6894 Merge pull request #2974 from paulsmithkc/patch-1
• 2edcdc1 Hostfix for broken builds

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	None	0	6.23 kB	mafintosh
npm/[email protected]	filesystem, shell	+22	1.22 MB	tschaub
npm/[email protected]	filesystem Transitive: environment	+4	78.5 kB	isaacs
npm/[email protected]	None	0	9.3 kB	isaacs
npm/[email protected]	None	0	42.1 kB	whitequark
npm/[email protected]	None	0	1.55 kB	cwmma
npm/[email protected]	None	0	422 kB	kkoopa
npm/[email protected]	environment, filesystem Transitive: shell	+99	8.8 MB	xzyfer
npm/[email protected]	None	0	19.1 kB	indutny
npm/[email protected]	None	0	10.3 kB	dougwilson
npm/[email protected]	None	0	6.36 kB	cwmma
npm/[email protected]	None	0	8.46 kB	dougwilson
npm/[email protected]	None	0	4.31 kB	dougwilson

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎