Bump the npm_and_yarn group across 22 directories with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
@babel/traverse	7.11.0	7.23.2
minimist	1.2.3	1.2.6
semver	6.3.0	6.3.1
electron	23.1.2	24.8.5
ip	1.1.5	2.0.1
json5	2.1.3	2.2.2
express	4.18.2	4.19.2
follow-redirects	1.7.0	1.15.6
loader-utils	1.2.3	1.4.2
qs	6.5.2	6.5.3
ua-parser-js	0.7.20	0.7.38
webpack-dev-middleware	5.3.3	5.3.4
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 5 updates in the /fixtures/art directory:

Package	From	To
@babel/traverse	7.10.5	7.24.7
semver	5.3.0	5.7.2
debug	2.6.3	2.6.9
lodash	4.17.15	4.17.21
qs	6.4.0	6.4.1

Bumps the npm_and_yarn group with 4 updates in the /fixtures/attribute-behavior directory: semver, express, lodash and ua-parser-js.
Bumps the npm_and_yarn group with 6 updates in the /fixtures/concurrent/time-slicing directory:

Package	From	To
minimist	1.2.5	1.2.8
semver	5.7.1	5.7.2
express	4.17.1	4.19.2
follow-redirects	1.14.0	1.15.6
ua-parser-js	0.7.28	0.7.38
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 7 updates in the /fixtures/dom directory:

Package	From	To
minimist	1.2.5	1.2.8
semver	5.7.1	5.7.2
express	4.17.1	4.19.2
follow-redirects	1.13.0	1.15.6
qs	6.5.2	6.5.3
ua-parser-js	0.7.23	0.7.38
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 5 updates in the /fixtures/expiration directory:

Package	From	To
semver	5.4.1	5.7.2
express	4.16.2	4.19.2
lodash	4.17.4	4.17.21
qs	6.4.0	6.4.1
ua-parser-js	0.7.17	0.7.38

Bumps the npm_and_yarn group with 2 updates in the /fixtures/fiber-debugger directory: express and ua-parser-js.
Bumps the npm_and_yarn group with 6 updates in the /fixtures/fizz directory:

Package	From	To
@babel/traverse	7.17.9	7.24.7
minimist	1.2.6	1.2.8
semver	5.7.1	5.7.2
json5	1.0.1	1.0.2
express	4.17.3	4.19.2
http-cache-semantics	4.1.0	4.1.1

Bumps the npm_and_yarn group with 9 updates in the /fixtures/flight directory:

Package	From	To
@babel/traverse	7.7.2	7.24.7
semver	7.3.7	7.5.2
json5	2.2.1	2.2.3
braces	3.0.2	3.0.3
lodash	4.17.11	4.17.21
postcss	8.4.16	8.4.31
tough-cookie	4.0.0	4.1.4
webpack-dev-middleware	5.3.3	5.3.4
undici	5.20.0	5.28.4

Bumps the npm_and_yarn group with 3 updates in the /fixtures/flight-esm directory: semver, braces and undici.
Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/brunch/dev directory: semver and express.
Bumps the npm_and_yarn group with 3 updates in the /fixtures/packaging/brunch/prod directory: semver, express and qs.
Bumps the npm_and_yarn group with 1 update in the /fixtures/packaging/systemjs-builder/dev directory: lodash.
Bumps the npm_and_yarn group with 1 update in the /fixtures/packaging/systemjs-builder/prod directory: lodash.
Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack-alias/dev directory: semver and qs.
Bumps the npm_and_yarn group with 1 update in the /fixtures/packaging/webpack-alias/prod directory: semver.
Bumps the npm_and_yarn group with 1 update in the /fixtures/packaging/webpack/dev directory: semver.
Bumps the npm_and_yarn group with 2 updates in the /fixtures/packaging/webpack/prod directory: semver and qs.
Bumps the npm_and_yarn group with 5 updates in the /fixtures/ssr directory:

Package	From	To
semver	5.7.1	5.7.2
express	4.17.1	4.19.2
follow-redirects	1.13.3	1.15.6
qs	6.4.0	6.4.1
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 9 updates in the /fixtures/ssr2 directory:

Package	From	To
@babel/traverse	7.14.2	7.24.7
minimist	1.2.5	1.2.8
semver	5.7.1	5.7.2
json5	1.0.1	1.0.2
braces	3.0.2	3.0.3
webpack	4.44.2	5.91.0
express	4.17.1	4.19.2
http-cache-semantics	4.1.0	4.1.1
loader-utils	1.4.0	1.4.2

Bumps the npm_and_yarn group with 2 updates in the /packages/react-devtools directory: electron and ip.
Bumps the npm_and_yarn group with 3 updates in the /scripts/bench directory: minimist, debug and lodash.

Updates @babel/traverse from 7.11.0 to 7.23.2

Release notes

Sourced from @​babel/traverse's releases.

v7.23.2 (2023-10-11)

NOTE: This release also re-publishes @babel/core, even if it does not appear in the linked release commit.

Thanks @​jimmydief for your first PR!

🐛 Bug Fix

• babel-traverse
  • #16033 Only evaluate own String/Number/Math methods (@​nicolo-ribaudo)
• babel-preset-typescript
  • #16022 Rewrite .tsx extension when using rewriteImportExtensions (@​jimmydief)
• babel-helpers
  • #16017 Fix: fallback to typeof when toString is applied to incompatible object (@​JLHwung)
• babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16025 Avoid override mistake in namespace imports (@​nicolo-ribaudo)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• James Diefenderfer (@​jimmydief)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.23.1 (2023-09-25)

Re-publishing @babel/helpers due to a publishing error in 7.23.0.

v7.23.0 (2023-09-25)

Thanks @​lorenzoferre and @​RajShukla1 for your first PRs!

🚀 New Feature

• babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import
  • #15870 Support transforming import source for wasm (@​nicolo-ribaudo)
• babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #15878 Implement import defer proposal transform support (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-types
  • #15845 Implement import defer parsing support (@​nicolo-ribaudo)
  • #15829 Add parsing support for the "source phase imports" proposal (@​nicolo-ribaudo)
• babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types
  • #15682 Add createImportExpressions parser option (@​JLHwung)
• babel-standalone
  • #15671 Pass through nonce to the transformed script element (@​JLHwung)
• babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types
  • #15751 Add support for optional chain in assignments (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-proposal-decorators
  • #15895 Implement the "decorator metadata" proposal (@​nicolo-ribaudo)
• babel-traverse, babel-types
  • #15893 Add t.buildUndefinedNode (@​liuxingbaoyu)
• babel-preset-typescript

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.23.2 (2023-10-11)

🐛 Bug Fix

• babel-traverse
  • #16033 Only evaluate own String/Number/Math methods (@​nicolo-ribaudo)
• babel-preset-typescript
  • #16022 Rewrite .tsx extension when using rewriteImportExtensions (@​jimmydief)
• babel-helpers
  • #16017 Fix: fallback to typeof when toString is applied to incompatible object (@​JLHwung)
• babel-helpers, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16025 Avoid override mistake in namespace imports (@​nicolo-ribaudo)

v7.23.0 (2023-09-25)

🚀 New Feature

• babel-plugin-proposal-import-wasm-source, babel-plugin-syntax-import-source, babel-plugin-transform-dynamic-import
  • #15870 Support transforming import source for wasm (@​nicolo-ribaudo)
• babel-helper-module-transforms, babel-helpers, babel-plugin-proposal-import-defer, babel-plugin-syntax-import-defer, babel-plugin-transform-modules-commonjs, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone
  • #15878 Implement import defer proposal transform support (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-types
  • #15845 Implement import defer parsing support (@​nicolo-ribaudo)
  • #15829 Add parsing support for the "source phase imports" proposal (@​nicolo-ribaudo)
• babel-generator, babel-helper-module-transforms, babel-parser, babel-plugin-transform-dynamic-import, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-traverse, babel-types
  • #15682 Add createImportExpressions parser option (@​JLHwung)
• babel-standalone
  • #15671 Pass through nonce to the transformed script element (@​JLHwung)
• babel-helper-function-name, babel-helper-member-expression-to-functions, babel-helpers, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-optional-chaining-assign, babel-plugin-syntax-optional-chaining-assign, babel-plugin-transform-destructuring, babel-plugin-transform-optional-chaining, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime, babel-standalone, babel-types
  • #15751 Add support for optional chain in assignments (@​nicolo-ribaudo)
• babel-helpers, babel-plugin-proposal-decorators
  • #15895 Implement the "decorator metadata" proposal (@​nicolo-ribaudo)
• babel-traverse, babel-types
  • #15893 Add t.buildUndefinedNode (@​liuxingbaoyu)
• babel-preset-typescript
  • #15913 Add rewriteImportExtensions option to TS preset (@​nicolo-ribaudo)
• babel-parser
  • #15896 Allow TS tuples to have both labeled and unlabeled elements (@​yukukotani)

🐛 Bug Fix

• babel-plugin-transform-block-scoping
  • #15962 fix: transform-block-scoping captures the variables of the method in the loop (@​liuxingbaoyu)

💅 Polish

• babel-traverse
  • #15797 Expand evaluation of global built-ins in @babel/traverse (@​lorenzoferre)
• babel-plugin-proposal-explicit-resource-management
  • #15985 Improve source maps for blocks with using declarations (@​nicolo-ribaudo)

🔬 Output optimization

• babel-core, babel-helper-module-transforms, babel-plugin-transform-async-to-generator, babel-plugin-transform-classes, babel-plugin-transform-dynamic-import, babel-plugin-transform-function-name, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-umd, babel-plugin-transform-parameters, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-inline-elements, babel-plugin-transform-runtime, babel-plugin-transform-typescript, babel-preset-env
  • #15984 Inline exports.XXX = update in simple variable declarations (@​nicolo-ribaudo)

v7.22.20 (2023-09-16)

... (truncated)

Commits

• b4b9942 v7.23.2
• b13376b Only evaluate own String/Number/Math methods (#16033)
• ca58ec1 v7.23.0
• 0f333da Add createImportExpressions parser option (#15682)
• 3744545 Fix linting
• c7e6806 Add t.buildUndefinedNode (#15893)
• 38ee8b4 Expand evaluation of global built-ins in @babel/traverse (#15797)
• 9f3dfd9 v7.22.20
• 3ed28b2 Fully support || and && in pluginToggleBooleanFlag (#15961)
• 77b0d73 v7.22.19
• Additional commits viewable in compare view

Updates minimist from 1.2.3 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

• security notice 4cf1354
• additional test for constructor prototype pollution 1043d21

Commits

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• aeb3e27 1.2.5
• 278677b 1.2.4
• 4cf1354 security notice
• 1043d21 additional test for constructor prototype pollution
• See full diff in compare view

Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

• 928e56d #591 better handling of whitespace (#591) (@​lukekarrys, @​joaomoreno, @​nicolo-ribaudo)

6.2.0

• Coerce numbers to strings when passed to semver.coerce()
• Add rtl option to coerce from right to left

6.1.3

• Handle X-ranges properly in includePrerelease mode

6.1.2

• Do not throw when testing invalid version strings

6.1.1

• Add options support for semver.coerce()
• Handle undefined version passed to Range.test

6.1.0

• Add semver.compareBuild function
• Support * in semver.intersects

6.0

• Fix intersects logic.

  This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits

• 44d27bc chore: release 6.3.1
• 928e56d fix: better handling of whitespace (#591)
• 39f6326 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates electron from 23.1.2 to 24.8.5

Commits

• 543f7c3 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40025)
• e51dee4 fix: use generic capturer to list both screens and windows when possible (#39...
• 384f44d ci: fix linux builds of forks (#39942)
• edb117a build: use afs on aks instead of circle cache (#39913)
• 3f864b2 build: fixup autoninja (#39901)
• 97bf8c8 build: run on circle hosts for forks (#39864)
• 4a9b367 build: use aks backed runners for linux builds (#39837)
• 0508e25 chore: cherry-pick b2eab7500a18 from chromium (#39826)
• 0641412 fix: ensure app load is limited to real asar files when appropriate (#39810)
• c574fed chore: cherry-pick 3 changes from Release-3-M116 (#39757)
• Additional commits viewable in compare view

Updates ip from 1.1.5 to 2.0.1

Commits

• 3b0994a 2.0.1
• 32f468f lib: fixed CVE-2023-42282 and added unit test
• 4b2f4e7 2.0.0
• 369d56d lib: use Buffer.alloc
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates json5 from 2.1.3 to 2.2.2

Release notes

Sourced from json5's releases.

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Changelog

Sourced from json5's changelog.

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Commits

• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
• 910ce25 docs: fix spelling of Aseem
• 2aab4dd test: require tap as t in cli tests
• 6d42686 test: remove mocha syntax from tests
• 4798b9d docs: update installation and usage for modules
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.7.0 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates loader-utils from 1.2.3 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• d95b8b5 chore(release): 1.4.0
• cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
• 06d36cf chore(release): 1.3.0
• 469eeba feat: support the [query] template for the interpolatedName method (#162)
• 909c99d chore: funding.yml config and CI fix (#159)
• b5b74f0 Set up CI with Azure Pipelines
• Additional commits viewable in compare view

Updates lodash from 4.17.15 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates ua-parser-js from 0.7.20 to 0.7.38

Release notes

Sourced from ua-parser-js's releases.

v0.7.38

Version 0.7.38

• Fix error on getOS() when userAgentData.platform is undefined
• Add new browser: Opera GX, Twitter
• Improve browser detection: DuckDuckGo
• Improve device detection: OPPO Pad, Oculus Quest

v0.7.37

Version 0.7.37

• Fix misidentified WebView token as device model
• Increase UA_MAX_LENGTH to 500
• Add new browser: Alipay, Klarna, Smart Lenovo Browser, Vivo Browser
• Add new device: Ulefone
• Improve device detection: Realme, Xiaomi Redmi
• Rename browser: Avant, Baidu, Samsung Internet, Sogou Explorer, Sogou Mobile, WeChat

Changelog

Sourced from ua-...

Description has been truncated