build: update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@babel/preset-env (source)	7.14.2 -> 7.14.4
@bazel/bazelisk	1.8.1 -> 1.9.0
@bazel/jasmine	3.5.0 -> 3.5.1
@bazel/typescript	3.5.0 -> 3.5.1
@typescript-eslint/eslint-plugin	4.24.0 -> 4.26.0
@typescript-eslint/parser	4.24.0 -> 4.26.0
ajv (source)	8.4.0 -> 8.5.0
build_bazel_rules_nodejs	3.5.0 -> 3.5.1
cacache	15.0.6 -> 15.2.0
core-js	3.12.1 -> 3.13.1
css-loader	5.2.4 -> 5.2.6
css-minimizer-webpack-plugin	3.0.0 -> 3.0.1
eslint (source)	7.26.0 -> 7.27.0
inquirer	8.0.0 -> 8.1.0
jest-worker	27.0.1 -> 27.0.2
license-webpack-plugin	2.3.18 -> 2.3.19
open	8.0.9 -> 8.2.0
postcss (source)	8.2.15 -> 8.3.0
sass	1.32.13 -> 1.34.0
terser-webpack-plugin	5.1.2 -> 5.1.3
verdaccio (source)	5.0.4 -> 5.1.0
webpack-dev-middleware	4.2.0 -> 4.3.0

---

Release Notes

babel/babel

v7.14.4

Compare Source

👓 Spec Compliance

• babel-parser
  • #​13377 disallow surrogate in the end of contextual name (@​JLHwung)
  • #​13328 perf: minimize identifier lookahead when parsing let (@​JLHwung)
• babel-plugin-transform-typescript
  • #​13314 [ts] Insert export {} when necessary to imply ESM (@​wbinnssmith)

🐛 Bug Fix

• babel-plugin-transform-typescript
  • #​13381 [ts] Remove override modifier (@​sosukesuzuki)
• Other
  • #​13338 Fix error when parsing ignored files with @babel/eslint-parser (@​devfservant)
• babel-parser
  • #​13333 refactor: add parse*Literal parser routines (@​JLHwung)

🏃‍♀️ Performance

• babel-plugin-transform-block-scoping
  • #​13376 Improve performance (@​sokra)
• babel-parser
  • #​13341 Faster tokenizer lookahead (@​JLHwung)
  • #​13328 perf: minimize identifier lookahead when parsing let (@​JLHwung)

🔬 Output optimization

• babel-plugin-proposal-object-rest-spread, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-react-constant-elements, babel-preset-env
  • #​13384 Hoist omitted keys from object spread operator (@​alanorozco)

bazelbuild/bazelisk

v1.9.0

Compare Source

This Bazelisk release contains the following changes:

• #​238: Properly handle pagination when GCS doesn't give us full results.
• #​241: Implement pagination support for GitHub repos.
• #​242: Provide ARM releases (for Mac M1).

I also bumped the tools used to build this release to Bazel 4.1.0, Go 1.16.4, rules_go 0.27.0.

bazelbuild/rules_nodejs

v3.5.1

Compare Source

Bug Fixes

• builtin: generated nodejs repository for windows references non-existent file (c1663c5)
• builtin: write stdout/stderr to correct path under chdir (#​2681) (36311bb), closes #​2680
• esbuild: prefer finding entry_point files in deps rather than srcs (#​2692) (dd4c4f3)
• esbuild: provide JSModuleInfo of output bundle (#​2685) (233254d)
• esbuild: update update script file paths after removal of _README.md (#​2695) (25a5ac4)
• make generated_file_test .update's visibility same as test rule (#​2677) (30bc86c)

Features

• builtin: document how nodejs_binary#entry_point can use a direc… (#​2579) (ceddd1d)

typescript-eslint/typescript-eslint

v4.26.0

Compare Source

Bug Fixes

• eslint-plugin: [no-type-alias] consider type imports as alias types (#​3433) (d4f0774)
• generate library types for TypeScript v4.3 (#​3460) (ed4776a), closes #​3449

Features

• eslint-plugin: [member-ordering] add callback as an ordering type of node (#​3354) (d134b1f)
• eslint-plugin: [space-infix-ops] Add support for Union and intersection of type declarations (#​3360) (3d29323)
• scope-manager: reduce generated lib file size (#​3468) (258116b)

v4.25.0

Compare Source

Bug Fixes

• corrected no-unsupported-browser-code in roadmap as unimplemented (#​3407) (2319b0e)
• experimental-utils: fix isAwaitKeyword predicate in ast-utils (#​3290) (c15da67)

Features

• typescript-estree: [TS4.3] support overrides on class members (#​3429) (21d1b62)
• typescript-estree: add support for getter/setter signatures on types (#​3427) (b830b7f), closes #​3272 #​3272

ajv-validator/ajv

v8.5.0

Compare Source

Optimize validation code for const keyword with scalar values (@​SoAsEr, #​1561)
Add option schemaId to support ajv-draft-04 - Ajv for JSON Schema drat-04.

npm/cacache

v15.2.0

Compare Source

• 8892a92 add a validateEntry option to compact
• 460b951 allow fully deleting indexes

v15.1.0

Compare Source

Features

• allow formatEntry to keep entries with no integrity value (930f531), closes #​53
• expose index.insert, implement and expose index.compact (c4efb74)

15.0.6 (2021-03-22)

15.0.5 (2020-07-11)

15.0.4 (2020-06-03)

Bug Fixes

• replace move-file dep with @​npmcli/move-file (bf88af0), closes #​37

15.0.3 (2020-04-28)

Bug Fixes

• actually remove move-concurrently dep (29e6eec)

15.0.2 (2020-04-28)

Bug Fixes

• tacks should be a dev dependency (93ec158)

zloirock/core-js

v3.13.1

Compare Source

• Overwrites get-own-property-symbols third-party Symbol polyfill if it's used since it causes a stack overflow, #​774
• Added a workaround of possible browser crash on Object.prototype accessors methods in WebKit ~ Android 4.0, #​232

v3.13.0

Compare Source

• Accessible Object#hasOwnProperty (Object.hasOwn) proposal moved to the stage 3, May 2021 TC39 meeting

webpack-contrib/css-loader

v5.2.6

Compare Source

v5.2.5

Compare Source

webpack-contrib/css-minimizer-webpack-plugin

v3.0.1

Compare Source

eslint/eslint

v7.27.0

Compare Source

• 2c0868c Chore: merge all html formatter files into html.js (#​14612) (Milos Djermanovic)
• 9e9b5e0 Update: no-unused-vars false negative with comma operator (fixes #​14325) (#​14354) (Nitin Kumar)
• afe9569 Chore: use includes instead of indexOf (#​14607) (Mikhail Bodrov)
• c0f418e Chore: Remove lodash (#​14287) (Stephen Wade)
• 52655dd Update: no-restricted-imports custom message for patterns (fixes #​11843) (#​14580) (Alex Holden)
• 967b1c4 Chore: Fix typo in large.js (#​14589) (Ikko Ashimine)
• 2466a05 Sponsors: Sync README with website (ESLint Jenkins)
• fe29f18 Sponsors: Sync README with website (ESLint Jenkins)
• 086c1d6 Chore: add more test cases for no-sequences (#​14579) (Nitin Kumar)
• 6a2ced8 Docs: Update README team and sponsors (ESLint Jenkins)

SBoudrias/Inquirer.js

v8.1.0

Compare Source

New features

• Now display a loading spinner while asynchronously filtering or validating data.
• inquirer.prompt() now accept a shorthand object syntax instead of an array with named prompts:

const { foo, bar } = await inquirer.prompt({
  foo: {
    message: '...',
    default: '...',
  },
  bar: {
    default: '...',
  }
}):

v8.0.1

Compare Source

Fixes

• Fix issue with duplicate keys in expand prompt not being caught if casing didn't match
• Fix rawlist prompt ignoring short option
• Rollback dependencies migrated to ESM causing issue for some users

And lastly general dependency upgrade (to non-ESM versions)

facebook/jest

v27.0.2

Compare Source

Features

• [jest-circus] Add some APIs to make it easier to build your own test runner
• [jest-reporters] Expose the getResultHeader util (#​11460)
• [jest-resolver] Export resolve* utils for different Jest modules (#​11466)
• [@jest/test-result] Export Test, TestEvents and TestFileEvent (#​11466)

Fixes

• [jest-circus] Add missing slash dependency (#​11465)
• [jest-circus, @​jest/test-sequencer] Remove dependency on jest-runner (#​11466)
• [jest-config] Resolve config.runner to absolute path (#​11465)
• [jest-config] Make sure to support functions as config (#​11475)
• [jest-core] Do not warn about DNSCHANNEL handles when using the --detectOpenHandles option (#​11470)
• [jest-runner] Remove dependency on jest-config (#​11466)
• [jest-worker] Loosen engine requirement to >= 10.13.0 (#​11451)

xz64/license-webpack-plugin

v2.3.19

Compare Source

Changed

• Optimized calls to compilation.getStats() by filtering out unnecessary stats information

Fixed

• Fixed banners not working on webpack v5. Check the documentation for important configuration changes required for banners to work on webpack v5.

sindresorhus/open

v8.2.0

Compare Source

• Add newInstance option for macOS (#​253) 5e663d6

v8.1.0

Compare Source

• Add open.apps.edge (#​252) aff3e84

postcss/postcss

v8.3.0

Compare Source

PostCSS 8.3 improved source map parsing performance, added Node#assign() shortcut, and experimental Document node to AST.

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations in PostCSS & Autoprefixer Open Collective.

Source Map Performance

Because PostCSS needs synchronous API, we can’t move from the old `source-map 0.6 to 0.7 (many other open-source projects too).

@​7rulnik forked source-map 0.6 to source-map-js and back-ported performance improvements from 0.7. In 8.3 we switched from source-map to this source-map-js fork.

You map see 4x performance improvements in parsing map from processing step before PostCSS (for instance, Sass).

Document Nodes

Thanks to @​gucong3000, PostCSS already parse CSS from HTML and JS files (CSS-in-JS templates and objects).

But his plugin need big updates. @​hudochenkov from stylelint team decided to create new parsers for styles inside CSS-in-JS, HTML, and Markdown.

He suggested adding new Document node type to PostCSS AST to keep multiple Root nodes inside and JS/HTML/Markdown code blocks between these style blocks.

const document = htmlParser(
  '<html><style>a{color:black}</style><style>b{z-index:2}</style>'
)
document.type          //=> 'document'
document.nodes.length  //=> 2
document.nodes[0].type //=> 'root'

This is an experimental feature. Some aspects of this node could change within minor or patch version releases.

Node#assign() Shortcut

The creator of famous postcss-preset-env and many other PostCSS tools, @​jonathantneal suggested a nice shortcut to change multiple properties in the node:

decl.assign({ prop: 'word-wrap', value: 'break-word' })

sass/dart-sass

v1.34.0

Compare Source

• Don't emit the same warning in the same location multiple times.

• Cap deprecation warnings at 5 per feature by default.

Command Line Interface

• Add a --quiet-deps flag which silences compiler warnings from stylesheets
  loaded through --load-paths.

• Add a --verbose flag which causes the compiler to emit all deprecation
  warnings, not just 5 per feature.

Dart API

• Add a quietDeps argument to compile(), compileString(),
  compileAsync(), and compileStringAsync() which silences compiler warnings
  from stylesheets loaded through importers, load paths, and package: URLs.

• Add a verbose argument to compile(), compileString(), compileAsync(),
  and compileStringAsync() which causes the compiler to emit all deprecation
  warnings, not just 5 per feature.

v1.33.0

Compare Source

• Deprecate the use of / for division. The new math.div() function should be
  used instead. See this page for details.

• Add a list.slash() function that returns a slash-separated list.

• Potentially breaking bug fix: The heuristics around when potentially
  slash-separated numbers are converted to slash-free numbers—for example, when
  1/2 will be printed as 0.5 rather than 1/2—have been slightly expanded.
  Previously, a number would be made slash-free if it was passed as an argument
  to a user-defined function, but not to a built-in function. Now it will be
  made slash-free in both cases. This is a behavioral change, but it's unlikely
  to affect any real-world stylesheets.

• [:is()][:is()] now behaves identically to :matches().

• Fix a bug where non-integer numbers that were very close to integer
  values would be incorrectly formatted in CSS.

• Fix a bug where very small number and very large negative numbers would be
  incorrectly formatted in CSS.

JS API

• The this context for importers now has a fromImport field, which is true
  if the importer is being invoked from an @import and false otherwise.
  Importers should only use this to determine whether to load import-only
  files.

Dart API

• Add an Importer.fromImport getter, which is true if the current
  Importer.canonicalize() call comes from an @import rule and false
  otherwise. Importers should only use this to determine whether to load
  import-only files.

webpack-contrib/terser-webpack-plugin

v5.1.3

Compare Source

verdaccio/verdaccio

v5.1.0

Compare Source

Features

• implement search v1 endpoint (#​2256) (251bd95)
• tarball url redirect (#​1688) (78d04cf)
• update Node.js docker image 14.17.0 (#​2247) (4ed7286)

Bug Fixes

• restore using local path web logo (#​2270) (8434cc5)
• update core dependencies (#​2269) (1e4c900)

webpack/webpack-dev-middleware

v4.3.0

Compare Source

Features

• add getFilenameFromUrl to API (#​911) (1edc726)

Bug Fixes

• husky config (#​904) (8a423be)
• typo depandabot -> dependabot (#​905) (7062990)

---

Configuration

📅 Schedule: "after 10pm every weekday,before 4am every weekday,every weekend" in timezone America/Tijuana.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[ineeve]

Please review this as postcss is creating security vulnerability warnings because of a Regular Expression Denial of Service

[clydin]

This won't affect that issue since it is related to postcss 7 which is not a direct dependency of the CLI.

Please follow #20795 for updates.

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}