Bump the npm_and_yarn group across 1 directories with 6 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the /. directory:

Package	From	To
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.15.1	1.15.4
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
ua-parser-js	0.7.31	0.7.37
webpack	4.46.0	4.47.0

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates follow-redirects from 1.15.1 to 1.15.4

Commits

• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• 3d42aec Add bracket tests.
• bcbb096 Do not directly set Error properties.
• 192dbe7 Release version 1.15.3 of the npm package.
• bd8c81e Fix resource leak on destroy.
• 9c728c3 Split linting and testing.
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

Updates ua-parser-js from 0.7.31 to 0.7.37

Release notes

Sourced from ua-parser-js's releases.

v0.7.37

Version 0.7.37

• Fix misidentified WebView token as device model
• Increase UA_MAX_LENGTH to 500
• Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
• Add new device: Ulefone
• Improve device detection: Realme, Xiaomi Redmi
• Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Changelog

Sourced from ua-parser-js's changelog.

Version 0.7.37 / 1.0.37

• Fix misidentified WebView token as device model
• Increase UA_MAX_LENGTH to 500
• Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
• Add new device: Ulefone
• Improve device detection: Realme, Xiaomi Redmi
• Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Version 0.7.36 / 1.0.36

• Add new browser: Snapchat
• Add new devices: Infinix, Tecno
• Improve device detection: Amazon Fire TV, Xiaomi POCO
• Improve OS detection: iOS

Version 0.7.35 / 1.0.35

• Fix result from user-supplied user-agent being altered
• Add new browser: Heytap, TikTok
• Add new engine: LibWeb
• Add new OS: SerenityOS
• Improve browser detection: Yandex
• Improve device detection: iPhone, Amazon Echo
• Improve OS detection: iOS

Version 0.7.34 / 1.0.34

• Fix Sharp Mobile detected as Huawei Tablet
• Fix IE8 bug
• Add new devices : Kobo e-Reader, Apple Watch, and some new SmartTV devices
• Add new OS : watchOS
• Improve browser detection : Kakao, Naver, Brave
• Improve device detection : Oculus, iPad
• Improve OS detection : Chrome OS
• Using navigator.userAgentData as fallback for device.type & os.name

Version 0.7.33 / 1.0.33

• Add new browser : Cobalt
• Identify Macintosh as an Apple device
• Fix ReDoS vulnerability

Version 0.7.32 / 1.0.32

• Add new browser : DuckDuckGo, Huawei Browser, LinkedIn
• Add new OS : HarmonyOS
• Add some Huawei models
• Add Sharp Aquos TV
• Improve detection Xiaomi Mi CC9
• Fix Sony Xperia 1 III misidentified as Acer tablet
• Fix Detect Sony BRAVIA as SmartTV
• Fix Detect Xiaomi Mi TV as SmartTV
• Fix Detect Galaxy Tab S8 as tablet

... (truncated)

Commits

• d30ad46 Bump version 0.7.37
• 5302e2d Update changelog
• f3de7b7 Backport - Improve browser detection: WeChat (cherry picked from commit 17f0c...
• c41100e Backport - Improve browser detection: unified name for Baidu (cherry picked f...
• 23c5d77 Backport - Improve browser detection: remove unnecessary extra space in "Avan...
• e3d5f76 Backport - Improve browser detection: rename "Samsung Browser" to "Samsung In...
• 02af42f Backport - Fix #682 - Add new browser: Smart Lenovo Browser (cherry picked fr...
• 57d1ac0 Backport - Fix #683 - change MetaSr into Sogou Explorer (+add Sogou Mobile) (...
• ea2c829 Backport - Fix misidentified WebView token as device model - found in #681 (c...
• 3b896d5 Backport - Fix #681 - Add new browser: Vivo Browser (cherry picked from commi...
• Additional commits viewable in compare view

Updates webpack from 4.46.0 to 4.47.0

Release notes

Sourced from webpack's releases.

v4.47.0

New Features

• [Security] - Add support for md4 in Node >=18. by @​iclanton in webpack/webpack#17628

New Contributors

• @​iclanton made their first contribution in webpack/webpack#17628

Full Changelog: webpack/webpack@v4.46.0...v4.47.0

Commits

• dfffd6a 4.47.0
• 7395af8 Merge pull request #17628 from iclanton/webpack4-md4-hash
• 9b50972 Update SplitChunksPlugin to use the updated createHash function.
• 6f6ae98 Add support for md4 in Node >=18.
• 3956274 Merge pull request #13778 from StyleT/feature/custom_externals_for_systemjs_t...
• 1f11600 fix: fixed work of the non-system type externals for "system" library target
• See full diff in compare view

Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[netlify]

✅ Deploy Preview for vue-ssr-carousel ready!

Name	Link
🔨 Latest commit	8427540
🔍 Latest deploy log	https://app.netlify.com/sites/vue-ssr-carousel/deploys/659df0a433a75f0008f1de30
😎 Deploy Preview	https://deploy-preview-135--vue-ssr-carousel.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.