Bump the npm_and_yarn group across 1 directory with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
@google-cloud/firestore	3.7.3	7.8.0
firebase-admin	8.10.0	12.1.1
semver	5.7.1	5.7.2
bl	1.2.2	1.2.3
ansi-regex	3.0.0	3.0.1
braces	3.0.2	3.0.3
debug	4.1.1	4.3.5
lodash	4.17.19	4.17.21
minimist	1.2.5	1.2.8

Updates @google-cloud/firestore from 3.7.3 to 7.8.0

Release notes

Sourced from @​google-cloud/firestore's releases.

v7.8.0

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

v7.7.0

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

v7.6.0

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

v7.5.0

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

v7.4.0

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

7.8.0 (2024-05-28)

Features

• Query profiling for VectorQuery (d406f14)
• Update Nodejs generator to send API versions in headers for GAPICs (#2041) (6dbe4b0)

7.7.0 (2024-05-07)

Features

• Add several fields to manage state of database encryption update (5811492)
• Lazy-started transactions (#2017) (2c726a1)

Bug Fixes

• Nonblocking rollback (#2039) (52099c8)
• Upgrade the google-gax dependency version. (#2040) (0b9efa6)

7.6.0 (2024-04-02)

Features

• Vector Search (#2006) (e906b42)

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)
• A new message DailyRecurrence is added (6bced86)
• A new message DeleteBackupRequest is added (6bced86)
• A new message DeleteBackupScheduleRequest is added (6bced86)
• A new message GetBackupRequest is added (6bced86)
• A new message GetBackupScheduleRequest is added (6bced86)

... (truncated)

Commits

• df748ac chore(main): release 7.8.0 (#2048)
• 6dbe4b0 feat: update Nodejs generator to send API versions in headers for GAPICs (#2041)
• d406f14 feat: Query profiling for VectorQuery (#2045)
• 1e949b8 chore: refactor reference.ts to one class per file (#2037)
• 591fff1 chore(deps): update dependency sinon to v18 (#2044)
• 392ecf3 chore(main): release 7.7.0 (#2038)
• 0b9efa6 fix: Upgrade the google-gax dependency version. (#2040)
• 52099c8 fix: Nonblocking rollback (#2039)
• 2c726a1 feat: Lazy-started transactions (#2017)
• 5811492 docs: Allow 14 week backup retention for Firestore daily backups (#2031)
• Additional commits viewable in compare view

Updates firebase-admin from 8.10.0 to 12.1.1

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.1.1

Bug Fixes

• fix: Export error classes (#2151)

Miscellaneous

• [chore] Release 12.1.1 (#2561)
• build(deps): updgrade jwks-rsa (#2570)
• --- (#2568)
• --- (#2566)
• --- (#2567)
• --- (#2569)
• build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• chore: upgrade firestore to 7.7.0 (#2560)
• build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• build(deps): bump @​google-cloud/firestore from 7.6.0 to 7.7.0 (#2558)
• Fix api extractor issues to expose error types (#2549)
• build(deps-dev): bump @​types/lodash from 4.17.0 to 4.17.1 (#2546)
• build(deps): bump @​google-cloud/storage from 7.10.2 to 7.11.0 (#2547)
• build(deps-dev): bump @​microsoft/api-extractor from 7.43.1 to 7.43.2 (#2545)
• build(deps): bump @​types/node from 20.12.7 to 20.12.10 (#2544)
• build(deps-dev): bump @​firebase/app-compat from 0.2.31 to 0.2.32 (#2540)
• build(deps): bump @​google-cloud/storage from 7.10.1 to 7.10.2 (#2541)
• build(deps): bump @​google-cloud/storage from 7.10.0 to 7.10.1 (#2536)
• Update package.json to use farmhash 3.3.1 (#2534)

Firebase Admin Node.js SDK v12.1.0

New Features

• feat(rc): Add server side Remote Config support (#2529)

Miscellaneous

• [chore] Release 12.1.0 (#2532)
• Fix minor typo (#2533)
• chore: Excluding certain event_types from processing uid (#2370)
• build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
• build(deps-dev): bump @​firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
• build(deps): bump @​google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
• build(deps): bump undici in /.github/actions/send-email (#2521)
• build(deps-dev): bump @​firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
• build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
• build(deps): bump @​types/node from 20.11.30 to 20.12.2 (#2516)
• build(deps): bump @​google-cloud/firestore from 7.4.0 to 7.5.0 (#2517)
• build(deps-dev): bump @​firebase/app-compat from 0.2.28 to 0.2.29 (#2510)
• build(deps): bump @​google-cloud/storage from 7.7.0 to 7.9.0 (#2509)

... (truncated)

Commits

• e2515f2 [chore] Release 12.1.1 (#2561)
• 4d4fd39 build(deps): updgrade jwks-rsa (#2570)
• 1754b7e --- (#2568)
• 72f0169 --- (#2566)
• 8f622cf --- (#2567)
• f8f8eb9 --- (#2569)
• ee78c87 build(deps-dev): bump @​firebase/auth-types from 0.12.1 to 0.12.2 (#2556)
• f837c23 build(deps-dev): bump @​microsoft/api-extractor from 7.43.2 to 7.43.7 (#2559)
• 41aea3a chore: upgrade firestore to 7.7.0 (#2560)
• 26cd8b0 build(deps-dev): bump @​firebase/app-compat from 0.2.32 to 0.2.33 (#2555)
• Additional commits viewable in compare view

Updates @grpc/grpc-js from 0.7.6 to 1.10.9

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.9

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

• Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

• Improve reporting of HTTP error codes (#2723)
• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

• Fix a bug that could cause a server to sometimes send the status early (#2708)

@​grpc/grpc-js 1.10.5

• Resolve exception when Error.stackTraceLimit is undefined (#2701 contributed by @​davidfiala)
• Call configured checkServerIdentity when grpc.ssl_target_name_override is set (#2704)
• Add more information to DEADLINE_EXCEEDED error details strings (#2692)

@​grpc/grpc-js 1.10.4

• Fix a bug that caused server interceptors to crash when using partially-populated ResponderBuilder and ListenerBuilder objects (#2696)
• Avoid sending RST_STREAM from the client when the server has already finished its side of the stream (#2695)

@​grpc/grpc-js 1.10.3

• Revert client reconnection changes in #2680 (#2691)

@​grpc/grpc-js 1.10.2

• Implement server connection idle timeouts and improve channelz performance (#2677 contributed by @​AVVS)
• Fix a bug that caused clients to automatically reconnect even when there were no active requests (#2680)
• Modify order of server call events to more closely match pre-1.10.x behavior (#2683)

@​grpc/grpc-js 1.10.1

• Fix a bug causing channels using the round_robin LB policy to fail to reconnect after a connection drops (#2667)

@​grpc/grpc-js-xds 1.10.1

• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js-xds 1.10.0

• Implement gRFC A52: gRPC xDS Custom Load Balancer Configuration (#2555)
• Implement gRFC A42: xDS Ring Hash LB Policy (#2568)
  • Note: This feature is not compatible with Node 14 or below. To disable it in those versions, set the environment variable GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH=false.
• Implement the xDS part of gRFC A62: pick_first: sticky TRANSIENT_FAILURE and address order randomization (Currently experimental, enabled by environment variable GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG) (#2572)

@​grpc/grpc-js 1.10.0

Changelog

• Add server interceptors support (#2650) (details in gRFC L112)
• Deprecate Server#start (#2597) (details in gRFC L107)
• Add Server#unbind (#2612) (details in gRFC L109)
• Add Server#drain (#2616) (details in gRFC L111)
• Export type VerifyOptions (#2637 contributed by @​chakhsu)

... (truncated)

Commits

• 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
• 7ecaa2d grpc-js: Bump to 1.10.9
• e64d816 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
• 45e5fe5 Merge pull request #2750 from murgatroid99/grpc-js_idle_uds_fix
• 87a3541 grpc-js: Fix UDS channels not reconnecting after going idle
• 3105791 Merge pull request #2740 from sergiitk/backport-1.10-psm-interop-common-prod-...
• fec135a Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
• 76fe802 Merge pull request #2739 from murgatroid99/backport-1.10-grpc-js_linkify-it_fix
• d5edf49 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
• 23c05fc Merge pull request #2732 from murgatroid99/grpc-js_proto-loader_update
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates bl from 1.2.2 to 1.2.3

Commits

• d69edfd 1.2.3
• 847473a test all branches
• 0bd87ec Fix unintialized memory access
• dc097f3 test newer versions of Node
• See full diff in compare view

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

• f545bdb 3.0.1
• c57d4c2 fix a few old XO issues for backport
• 419250f Fix potential ReDoS (#37)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates debug from 4.1.1 to 4.3.5

Release notes

Sourced from debug's releases.

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

... (truncated)

Commits

• 5464bdd 4.3.5
• f244ada update authorship contact info
• cac39b1 Fix/debug depth (#926)
• f66cb2d remove .github folder (and the outdated issue templates)
• d161662 Update ISSUE_TEMPLATE.md
• 12c1ad0 Update ISSUE_TEMPLATE.md
• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates node-forge from 0.7.4 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

• RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

• Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
• HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • The code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24771
  • GHSA ID: GHSA-cfm4-qjh2-4765
• HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • The code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24772
  • GHSA ID: GHSA-x4jg-mjrx-434g
• MEDIUM: Leniency in checking type octet.
  • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
  • CVE ID: CVE-2022-24773
  • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

• [asn1] Add fallback to pretty print invalid UTF8 data.
• [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
  • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
• [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

Commits

• a0a4a42 Release 1.3.1.
• a33830f Update changelog.
• 740954d Allow optional DigestAlgorithm parameters.
• 56f4316 Allow DigestInfo.DigestAlgorith.parameters to be optional
• cbf0bd5 Start 1.3.1-0.
• 6c5b901 Release 1.3.0.
• 0f3972a Update changelog.
• dc77b39 Fix error checking.
• bb822c0 Add advisory links.
• d4395fe Update changelog.
• Additional commits viewable in compare view

Updates jsonwebtoken from 8.1.0 to 9.0.2

Changelog

Sourced from jsonwebtoken's changelog.

9.0.2 - 2023-08-30

• security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes #921.
• refactor: reduce library size by using lodash specific dependencies, closes #878.

9.0.1 - 2023-07-05

• fix(stubs): allow decode method to be stubbed

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

8.5.1 - 2019-03-18

Bug fix

• fix: ensure correct PS signing and verification (#585) (e5874ae428ffc0465e6bd4e660f89f78b56a74a6), closes #585

Docs

• README: fix markdown for algorithms table (84e03ef70f9c44a3aef95a1dc122c8238854f683)

8.5.0 - 2019-02-20

New Functionality

• feat: add PS JWA support for applicable node versions (#573) (eefb9d9c6eec54718fa6e41306bda84788df7bec), closes #573
• Add complete option in jwt.verify (#522) (8737789dd330cf9e7870f4df97fd52479adbac22), closes #522

Test Improvements

• Add tests for private claims in the payload (#555) (5147852896755dc1291825e2e40556f964411fb2), closes #555
• Force use_strict during testing (#577) (7b60c127ceade36c33ff33be066e435802001c94), closes #577
• Refactor tests related to jti and jwtid (#544) (7eebbc75ab89e01af5dacf2aae90fe05a13a1454), closes #544
• ci: remove nsp from tests (#569) (da8f55c3c7b4dd0bfc07a2df228500fdd050242a), closes #569

... (truncated)

Commits

• bc28861 Release 9.0.2 (#935)
• 96b8906 refactor: use specific lodash packages (#933)
• ed35062 security: Updating semver to 7.5.4 to resolve CVE-2022-25883 (#932)
• 84539b2 Updating package version to 9.0.1 (#920)
• a99fd4b fix(stubs): allow decode method to be stubbed (#876)
• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by charlesrea, a new releaser for jsonwebtoken since your current version.

Updates lodash from 4.17.19 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests du...

  Description has been truncated