chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
babel-plugin-styled-components (source)	1.13.1 -> 1.13.2
color	3.1.3 -> 3.2.1
fitty	2.3.3 -> 2.3.5
muuri (source)	0.9.4 -> 0.9.5
next-pwa	5.2.22 -> 5.2.24
node	14.17.2 -> 14.17.5
ts-jest (source)	27.0.3 -> 27.0.4
use-seconds	1.5.0 -> 1.6.0
webpack	5.42.0 -> 5.50.0

---

Release Notes

styled-components/babel-plugin-styled-components

v1.13.2

Compare Source

• added some conditional guards to code paths that lead to errors for some consumers (0c16c1b)
• dependency updates
• teach babel plugin about certain spread application scenarios with "css" prop #​339
• handle namespace import (import * as styled from 'styled-components') properly #​340

Qix-/color

v3.2.1

Compare Source

Patch Release 3.2.1

• Revert color-convert back down to <2 since v2 introduced ES6 syntax.

If you need color-convert@>=2 then you'll need to have ES6 support. It's 2021, embrace it. 🙂

v3.2.0

Compare Source

Minor Release 3.2.0

NOTE: This is the final release of color that uses ES5 syntax. For those following along, 4.0.0 was just released that switches to ES6 (const/let) syntax, which will (at some point) be followed by another major release that further switches to ES Modules entirely. This will be a sweeping change across the color package suite (color, color-string, color-convert). Keep a look out if these issues have been bothering you.

• Bumps color convert to latest (fixes some issues with HCG)
• Bumps mocha to latest

v3.1.4

Compare Source

Patch Release 3.1.4

• Bumped color-string to latest version, resolving problems for users using package-lock.json files and adding support for space-separated hsl() syntax.

rikschennink/fitty

v2.3.5

Compare Source

v2.3.4

Compare Source

haltu/muuri

v0.9.5

Compare Source

Release PR with details: https://github.com/haltu/muuri/pull/487

shadowwalker/next-pwa

v5.2.24

Fix

1. back online reload behaviour configurable

v5.2.23

Fix

1. Fix double // when precache next/image url - Issue 231

Misc

• Add next-image example

nodejs/node

v14.17.5

Compare Source

This is a security release.

Notable Changes

• CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
  • Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
• CVE-2021-22930: Use after free on close http2 on stream canceling (High)
  • Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
• CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
  • If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.

Commits

• [4923b59e0b] - deps: update c-ares to 1.17.2 (Beth Griggs) #​39724
• [847a4c6a8a] - deps: reflect c-ares source tree (Beth Griggs) #​39653
• [33208e2f89] - deps: apply missed updates from c-ares 1.17.1 (Beth Griggs) #​39653
• [af5c1af9a4] - http2: add tests for cancel event while client is paused reading (Akshay K) #​39622
• [434872e838] - http2: update handling of rst_stream with error code NGHTTP2_CANCEL (Akshay K) #​39622
• [35b86110e4] - tls: validate "rejectUnauthorized: undefined" (Matteo Collina) nodejs-private/node-private#​276

v14.17.4

Compare Source

This is a security release.

Notable Changes

• CVE-2021-22930: Use after free on close http2 on stream canceling (High)
  • Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930

This releases also fixes some regressions with internationalization introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.

Commits

• [86477b2b53] - benchmark: output JSON-compatible numbers (Michaël Zasso) #​38778
• [f9693cf0a0] - benchmark: fix http elapsed time (Antoine du Hamel) #​38743
• [1ab4f81abc] - build: fix building with external builtins (Momtchil Momtchev) #​39091
• [a657f250f1] - build: reconfigure when gyp files change on Windows (Joyee Cheung) #​39066
• [6962c647d6] - Revert "build: work around bug in MSBuild v16.10.0" (Michaël Zasso) #​38977
• [069cf59e56] - build: make build-addons errors fail the build (Richard Lau) #​38983
• [d341561ae0] - build: fix commit-queue default branch (Mary Marchini) #​38998
• [0736dd833a] - build: don't pass python override to V8 build (Richard Lau) #​38969
• [49a000683a] - build: correct Xcode spelling in .gitignore (bl-ue) #​38895
• [1ffbe3d5da] - build: remove outdated dont-land-on-v6.x label (Michaël Zasso) #​38886
• [7f53a0b349] - build: add lto build to CI (Jiawen Geng) #​38567
• [a6f8ba8f0c] - build: allow LTO with Clang 3.9.1+ (Jesse Chan) #​38751
• [b5b1d1fb79] - build: replace non-POSIX test -a|o (Issam E. Maghni) #​38731
• [fc2b1ec308] - child_process: refactor to use validateBoolean (Qingyu Deng) #​38927
• [55ea29eedd] - child_process: retain reference to data with advanced serialization (Anna Henningsen) #​38728
• [716ee1531c] - debugger: rename internal library for clarity (Rich Trott) #​39080
• [b7ee9d8287] - debugger: use ERR_DEBUGGER_STARTUP_ERROR in _inspect.js (Rich Trott) #​39024
• [5d4d23dcf3] - debugger: use error codes in debugger REPL (Rich Trott) #​39024
• [a3991d7c18] - debugger: use ERR_DEBUGGER_ERROR in debugger client (Rich Trott) #​39024
• [052e1c5385] - debugger: removed unused function argument (Rich Trott) #​38850
• [f9a4dcb30c] - debugger: refactor inspect_repl to use primordials (Antoine du Hamel) #​38551
• [ad8056659f] - debugger: refactor to use internal modules (Antoine du Hamel) #​38550
• [b5724a1984] - debugger: disable only the lint rules required by current file state (Rich Trott) #​38529
• [34659f2b7a] - debugger: avoid non-ASCII char in code file (Rich Trott) #​38529
• [ae90756582] - debugger: wrap lines longer than 80 chars (Rich Trott) #​38529
• [b30ff35a36] - debugger: align message with Node.js standard (Rich Trott) #​38400
• [d74d67f207] - debugger: remove unnecessary boilerplate copyright comment (Rich Trott) #​38952
• [e58f938ab3] - debugger: enable linter on internal/inspector/inspect_client (Antoine du Hamel) #​38417
• [249acd5e69] - debugger: reduce scope of eslint disable comment (Rich Trott) #​38946
• [0ef5e088c0] - debugger: revise async iterator usage to comply with lint rules (Rich Trott) #​38847
• [79bfb0416b] - debugger: wait for V8 debugger to be enabled (Michaël Zasso) #​38811
• [721edeffd3] - debugger: refactor internal/inspector/_inspect to use more primordials (Antoine du Hamel) #​38406
• [21ecee1b4b] - debugger: add usage example for --port (Rafael Gonzaga) #​38400
• [cde72213d1] - Revert "debugger: rename internal library for clarity" (Antoine du Hamel) #​39446
• [4c2b813799] - debugger: rename internal library for clarity (Rich Trott) #​39080
• [61da371251] - debugger: apply automatic lint fixes for inspect_repl.js (Rich Trott) #​38411
• [8dd1f70fe3] - debugger: apply automatic lint fixes for _inspect.js (Rich Trott) #​38411
• [fb0ab4c034] - debugger: removed unused function argument (Rich Trott) #​38850
• [9e28c6c946] - debugger: fix race condition/deadlock on initialization (Rich Trott) #​38161
• [a8924fa0fb] - debugger: replace internal use of deprecated API (Rich Trott) #​38161
• [22afb7cbe6] - debugger: allow longer time to connect (Rich Trott) #​38161
• [b172e6f436] - debugger: accommodate line chunking in Windows (Rich Trott) #​38161
• [1da692185a] - debugger: fix inspect restart on Windows (Rich Trott) #​38161
• [0321c5b194] - debugger: remove unused code (Rich Trott) #​38161
• [8bd2a3926a] - debugger: move node-inspect to internal library (Rich Trott) #​38161
• [acf5279c39] - deps: upgrade npm to 6.14.14 (Darcy Clarke) #​39553
• [4efefe02a8] - deps: V8: backport ae7bfb3 (Michaël Zasso) #​39051
• [5039f21396] - deps: V8: backport 16ffec9 (Michaël Zasso) #​39051
• [9b69069f71] - deps: V8: cherry-pick b0a7f56 (Michaël Zasso) #​39051
• [4213e97d26] - deps: V8: cherry-pick 81181a8 (thomasmichaelwallace) #​39187
• [ccecea5f72] - deps: restore minimum ICU version to 65 (Richard Lau) #​39068
• [7557e74cf4] - deps: V8: update build dependencies (Michaël Zasso) #​39244
• [a60a960406] - deps: V8: cherry-pick 8959494 (Michaël Zasso) #​39244
• [7fdd6ecbb4] - deps: V8: cherry-pick 0b3a4ec (Michaël Zasso) #​39244
• [4be2e878b7] - deps: V8: cherry-pick 7c182bd (Michaël Zasso) #​39244
• [a83b01a4af] - deps: V8: cherry-pick 92e6d33 (Michaël Zasso) #​39244
• [17eb561184] - deps: V8: backport 1b1eda0 (Michaël Zasso) #​39244
• [04032fa1a3] - doc: remove references to deleted freenode channels (devsnek) #​39047
• [797bd73849] - doc: add missing parameter types (Voltrex) #​39013
• [e474e984e5] - doc: clarify that only one Python version is required to build (bl-ue) #​38894
• [cd48ee71d9] - doc: fixed typo in process.md (Derevianchenko Maksym) #​38941
• [41fcbad2b2] - doc: add missing semis after classes (Darshan Sen) #​38931
• [b40529643b] - doc: mark util.inherits as legacy (Voltrex) #​38896
• [b2d836b1ea] - doc: clarify when readable._read(...) is called (Shaun Keys) #​38726
• [e36d2a6d6a] - doc: fixed typo in n-api.md (julianjany) #​38822
• [b4f60bb523] - doc: use "Long Term Support" in collaborator guide (Rich Trott) #​38841
• [7a9850a5fb] - doc: use "Long Term Support" in technical values doc (Rich Trott) #​38841
• [dfe9698db0] - doc: use "Long Term Support" in README (Philip) #​38839
• [8699e622fc] - doc: fix grammar in fs.md (yotamselementor) #​38818
• [826ae9b2e2] - doc: fixup code sample in http.md (TodorTotev) #​38776
• [8049b69b7f] - doc: document null target pattern (Guy Bedford) #​38724
• [4d9129eb71] - doc: update code examples for node:url module (fisker Cheung) #​38645
• [2ff671e4c4] - doc,url: clarify domainTo* when built without ICU (Darshan Sen) #​38789
• [9b993edca8] - errors: add ERR_DEBUGGER_STARTUP_ERROR (Rich Trott) #​39024
• [cfccf13e84] - errors: add ERR_DEBUGGER_ERROR (Rich Trott) #​39024
• [bb9a9adc2b] - errors: don't rekey on primitive type (Benjamin Coe) #​39025
• [d48b91ea2b] - http2: on receiving rst_stream with cancel code add it to pending list (Akshay K) #​39423
• [d8cc2fffd6] - lib: add primordials.SafeArrayIterator (Antoine du Hamel) #​36532
• [e3223edb89] - lib: harden lint checks for globals (Antoine du Hamel) #​38419
• [d4f96bb926] - lib: enforce using primordials.globalThis instead of global (Antoine du Hamel) #​38230
• [ea9003a559] - lib: add globalThis to primordials (Antoine du Hamel) #​38211
• [097a7874d3] - lib: remove semicolon in preparation for babel/eslint-parser update (Rich Trott) #​39094
• [199fe32cbc] - lib: make internal/options lazy (Joyee Cheung) #​38993
• [2bc2a232af] - lib: add JSDoc typings for child_process (Voltrex) #​38222
• [b0a1984d4d] - lib: fix typos (bl-ue) #​38846
• [6c061d5f2c] - meta: update label-pr-config (Michaël Zasso) #​38950
• [afb61786b9] - module: fix legacy node specifier resolution to resolve "main" field (Antoine du Hamel) #​38979
• [cd3305a9e4] - node-api: avoid SecondPassCallback crash (Michael Dawson) #​38899
• [e7f266e93d] - src: use SPrintF in ProcessEmitWarning (Darshan Sen) #​38758
• [43fe6c1d27] - src: cleanup uv_fs_t regardless of success or not (legendecas) #​38996
• [dcfb182546] - src: refactor to use locale functions (Darshan Sen) #​39014
• [bee477b000] - src: throw error in LoadBuiltinModuleSource when reading fails (Joyee Cheung) #​38904
• [ff7cc8f9ef] - src: add not-weak DCHECK to PersistentToLocal::Strong (Anna Henningsen) #​38875
• [981217e48a] - src: replace autos in node_api.cc (Khaidi Chu) #​38852
• [73e199d963] - src: fix typos (bl-ue) #​38845
• [2d32031724] - src: use HandleScope in StreamReq::Done() (Darshan Sen) #​38720
• [2c11d3ec0a] - src: remove commented code in node_file.cc (Juan José Arboleda) #​38693
• [846a138f54] - src: write named pipe info in diagnostic report (legendecas) #​38637
• [7d82200861] - src: replace autos in node_contextify.cc (Khaidi Chu) #​38644
• [51da7d2048] - src,url: separate some tables out of node_url.cc (Khaidi Chu) #​38988
• [45c2ea3b72] - test: add NumberFormat resolvedOptions test (Richard Lau) #​39401
• [6b2fea38d1] - test: move inspector-cli tests to sequential (Rich Trott) #​39079
• [6447cab7be] - test: improve buffer coverage (Rongjian Zhang) #​38538
• [6f1862eab3] - test: fix name of variable in inspector-cli test (Tobias Nießen) #​38869
• [40093504bc] - test: fix typo (Houssem Chebab) #​39045
• [ab28f9b9a1] - test: remove obsolete TLS test (Rich Trott) #​39001
• [b3b59953fe] - test: improve coverage of lib/events.js (Rongjian Zhang) #​38582
• [c99a09f05f] - test: http outgoing _headers setter null (ycjcl868) #​38881
• [660a97b1d5] - test: suppress warning in test_environment.cc (Daniel Bevenius) #​38868
• [0cca16ac4c] - test: improve coverage of fs internal utils (Rongjian Zhang) #​38746
• [fecad40f27] - test: fix writefile with fd (Nitzan Uziely) #​38820
• [01f00faaa8] - test: simplify test-path-resolve.js (himself65) #​38671
• [504bfd7a88] - test: improve coverage for question in readline (Qingyu Deng) #​38799
• [eb91932e77] - test: os, replace custom flatten method with built-in Array.flat (Wael Almattar) #​38770
• [aeea252b96] - test: improve coverage of lib/_http_outgoing.js (Rongjian Zhang) #​38734
• [e265d8ee1b] - test: give js-native-api tests consistent names (Gabriel Schulhof) #​38692
• [99fd8bfc6a] - test: fix flaky inspector-cli tests when breakpionts are restored (Rich Trott) #​38431
• [4d3a1fad28] - test: extend timeout on debugger tests for slower machines (Rich Trott) #​38161
• [dd2642b5db] - test: fix comment typo (Rich Trott) #​38161
• [193ea8fd91] - test: fix test-inspector-cli-address (Rich Trott) #​38161
• [a62826bbe6] - test,debugger: migrate node-inspect tests to core (Rich Trott) #​38161
• [ab45ace9bd] - tools: update babel-eslint-parser to 7.14.5 (Rich Trott) #​39094
• [b8e63b3c08] - tools: update ESLint to 7.29.0 (Rich Trott) #​39083
• [54a250e79c] - tools: update doctool dependencies, migrate to ESM (Michaël Zasso) #​38966
• [443db64eed] - tools: avoid crashing CQ when git push fails (Antoine du Hamel) #​36861
• [547f88b149] - tools: fix typo in commit-queue.sh (bl-ue) #​39000
• [1023433a81] - tools: update ESLint to 7.28.0 (Luigi Pinca) #​38955
• [9b4ae8fbb0] - tools: bump remark-preset-lint-node to 2.3.0 (Rich Trott) #​38910
• [2ad0719e86] - tools: refloat 7 Node.js patches to cpplint.py (Rich Trott) #​38851
• [b7686d0c1e] - tools: bump cpplint to 1.5.5 (Rich Trott) #​38851
• [2ec7c9de57] - tools: remove exception for Node.js 8 and earlier (Rich Trott) #​38840
• [1dc71da302] - tools: update setup-node to setup-node@v2 (pengjie) #​38825
• [fc219d862c] - tools: remove node-inspect from license (Rich Trott) #​38161
• [4bb0bd0f0e] - tools,doc: forbid CJS globals in ESM code snippets (Antoine du Hamel) #​38889
• [58154ce426] - typings: add JSDoc typings for https (Voltrex) #​38589
• [6ea1368a67] - typings: add JSDoc typings for events (Voltrex) #​38712
• [b6942a6138] - url,src: simplify ipv6 logic by using uv_inet_pton (Khaidi Chu) #​38842
• [dd00547ada] - vm: use missing validator (Voltrex) #​38935
• [2c28e00685] - worker: do not look up context twice in PostMessage (Anna Henningsen) #​38784

v14.17.3

Compare Source

Notable Changes

Node.js 14.17.2 introduced a regression in the Windows installer on
non-English locales that is being fixed in this release. There is no
need to download this release if you are not using the Windows
installer.

Commits

• [0f00104a2c] - win,msi: use localized "Authenticated Users" name (Richard Lau) #​39241

kulshekhar/ts-jest

v27.0.4

Compare Source

Bug Fixes

• add @types/jest as optional peerDependencies to solve yarn 2 (#​2756) (5fbf43e)
• add babel-jest as optional peerDependencies to solve yarn 2 (#​2751) (8bede2e)
• config: include AST transformer's name and version into cache key (#​2755) (310fb9a), closes #​2753

Features

• link jest config types on npx ts-jest:init (#​2742) (f51ba05)
• set env var TS_JEST to allow detecting of ts-jest (#​2717) (56c137a), closes #​2716

webpack/webpack

v5.50.0

Compare Source

Features

• hashbangs (#! ...) are now handled by webpack
  • https://github.com/tc39/proposal-hashbang

Performance

• disable cache compression by default as it tend to make performance worse
  • I could still be enabled again for specific scenarios
• reduce the number of allocations during cache serialization
  • This improves performance and memory usage

v5.49.0

Compare Source

Features

• add experiments.buildHttp to build http(s):// imports instead of keeping them external
  • keeps a webpack.lock file with integrity and webpack.lock.data with cached content that should be committed
  • Automatically upgrades lockfile during development when remote resources change
    (might be disabled with experiments.buildHttp.upgrade: false)
  • Lockfile is frozen during production builds and usually no network requests are made
    (exception: Cache-Control: no-cache).
  • The webpack.lock.data persisting can be disabled with experiments.buildHttp.cacheLocation: false.
    That will will introduce a availability risk.
    (webpack cache will be used to cache network responses)

Bugfixes

• fix HMR infinite loop (again)
• fix rare non-determinism with splitChunks.maxSize introduces in the last release
• optional modules no longer cause the module to fail when bail is set
• fix typo in records format: chunkHashs -> chunkHashes

Performance

• limit the number of parallel generated chunks for memory reasons

v5.48.0

Compare Source

Features

• enable import assertions again

Bugfixes

• upgrade webpack-sources for fixes regarding source maps
• fix infinite loop in HMR runtime code

v5.47.1

Compare Source

Bugfixes

• upgrade webpack-sources for a bunch of bugfixes regarding source maps and missing chars in output

v5.47.0

Compare Source

Performance

• improve source-map performance

Bugfixes

• avoid unnecessary "use strict"s in module mode

v5.46.0

Compare Source

Features

• status handlers in HMR api can now return Promises to delay the HMR process
• reasons in stats can now be grouped and collapsed
  • add stats.reasonsSpace and stats.groupReasonsByOrigin

Bugfixes

• fix a crash in asset modules when updating persistent cached modules from unsafe cached modules

Performance

• detailed preset limits all spaces to 1000 by default
• upgrade webpack-sources for a performance bugfix

v5.45.1

Compare Source

Bugfixes

• temporary revert import assertions because parser changes break the word assert in other places
• import(/* webpackPrefetch: true */ ...) no longer breaks library output
• DataURL tries to avoid re-encoding
• fix problems with DataURL encoding in some cases

v5.45.0

Compare Source

Features

• add support to import assertions

Bugfixes

• SourceMaps will now also be added to .cjs output files
• fix non-system externals in a system library

Performance

• avoid copying timestamps from the watcher to the compiler

Contributing

• update to jest 27

v5.44.0

Compare Source

Features

• add support for output.module + optimization.runtimeChunk

Bugfixes

• fix inline externals with dash in type

v5.43.0

Compare Source

Features

• support runtime: false in entry description to disable runtime chunk
• support runtime option in ModuleFederationPlugin and ContainerPlugin

Bugfixes

• fix "module" externals when concatenated

Performance

• serialize JSON data as buffer and parse on demand for performance and to avoid performance warning

v5.42.1

Compare Source

Bugfixes

• fix crashes when rebuilding with jsonData or dataUrl of undefined

---

Configuration

📅 Schedule: "before 3am on the first day of the month" in timezone Asia/Tokyo.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.