Bump the npm_and_yarn group across 1 directory with 43 updates

[dependabot]

Bumps the npm_and_yarn group with 17 updates in the / directory:

Package	From	To
@angular/core	8.2.14	10.2.5
karma	4.1.0	6.3.16
ini	1.3.5	1.3.8
@angular/cli	8.3.22	17.3.5
minimist	1.2.0	1.2.8
mkdirp	0.5.1	0.5.6
protractor	5.4.2	5.4.4
tar	4.4.13	6.2.1
yargs-parser	13.1.1	18.1.3
@angular-devkit/build-angular	0.803.22	0.803.29
protractor	5.4.4	7.0.0
@babel/traverse	7.8.3	7.24.1
async	2.6.3	2.6.4
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.9.0	1.15.6
loader-utils	1.2.3	3.2.1
@angular-devkit/build-angular	0.803.29	17.3.5
lodash	4.17.15	4.17.21
y18n	4.0.0	4.0.3

Updates @angular/core from 8.2.14 to 10.2.5

Changelog

Sourced from @​angular/core's changelog.

10.2.5 (2021-04-14)

Bug Fixes

• compiler-cli: show a more specific error for Ivy NgModules (#41534) (#41598) (f630f33)
• core: fix possible XSS attack in development through SSR (#40525) (ba8da74)

10.2.4 (2020-12-17)

Bug Fixes

• core: fix possible XSS attack in development through SSR. (#40152) (0b8e3d5)
• core: set ngDevMode to false when calling enableProdMode() (#40160) (90570c0)

10.2.3 (2020-11-09)

Bug Fixes

• compiler: ensure that i18n message-parts have the correct source-span (#39589) (e67a331)
• compiler: skipping leading whitespace should not break placeholder source-spans (#39589) (2b684b7), closes #39195
• compiler-cli: avoid duplicate diagnostics about unknown pipes (#39517) (861e4fa)
• compiler-cli: do not drop non-Angular decorators when downleveling (#39577) (1c6cf8a), closes #39574

10.2.2 (2020-11-04)

Bug Fixes

• compiler-cli: report missing pipes when fullTemplateTypeCheck is disabled (#39320) (71d0063), closes #38195
• core: markDirty() should only mark flags when really scheduling tick. (#39316) (8c82106), closes #39296
• router: Ensure all outlets are used when commands have a prefix (#39456) (85d5242)

Performance Improvements

• core: do not recurse into modules that have already been registered (#39514) (812355c), closes #39487

... (truncated)

Commits

• ba8da74 fix(core): fix possible XSS attack in development through SSR (#40525)
• 90570c0 fix(core): set ngDevMode to false when calling enableProdMode() (#40160)
• 0b8e3d5 fix(core): fix possible XSS attack in development through SSR. (#40152)
• 1aee8b3 refactor(compiler): store the fullStart location on ParseSourceSpans (#39...
• 812355c perf(core): do not recurse into modules that have already been registered (#3...
• 8f36c21 refactor(router): Small refactor of createUrlTree and extra tests (#39456)
• 90acb91 docs: tView.preOrderHooks and tView.preOrderCheckHooks docs update (#39497)
• 8c82106 fix(core): markDirty() should only mark flags when really scheduling tick. (#...
• 0b37249 docs(core): update a typo in the comment of ngZoneEventCoalescing (#39423)
• 3b779a1 docs: fix typo in initializeInputAndOutputAliases docstring (#39438)
• Additional commits viewable in compare view

Updates karma from 4.1.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates @angular/cli from 8.3.22 to 17.3.5

Release notes

Sourced from @​angular/cli's releases.

v17.3.5

17.3.5 (2024-04-17)

@​angular-devkit/build-angular

Commit	Description
	address Unable to deserialize cloned data issue with Yarn PnP
	remove type="text/css" from style tag

v17.3.4

17.3.4 (2024-04-11)

@​angular-devkit/build-angular

Commit	Description
	ensure esbuild-based builders exclusively produce ESM output

v17.3.3

@​schematics/angular

Commit	Description
	Revert "fix(@​schematics/angular): rename SSR port env variable"

v17.3.2

17.3.2 (2024-03-25)

@​schematics/angular

Commit	Description
	rename SSR port env variable

@​angular-devkit/build-angular

Commit	Description
	Internal server error: Invalid URL when using a non localhost IP
	ensure proper resolution of linked SCSS files
	service-worker references non-existent named index output
	update webpack-dev-middleware to 6.1.2

v17.3.1

17.3.1 (2024-03-20)

@​schematics/angular

Commit	Description
	improve Sass format clarity for application style option

@​angular-devkit/build-angular

Commit	Description
	only generate server directory when SSR is enabled

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

17.3.5 (2024-04-17)

@​angular-devkit/build-angular

Commit	Type	Description
6191d06ca	fix	address Unable to deserialize cloned data issue with Yarn PnP
0335d6a5d	fix	remove type="text/css" from style tag

17.3.4 (2024-04-11)

@​angular-devkit/build-angular

Commit	Type	Description
1128bdd64	fix	ensure esbuild-based builders exclusively produce ESM output

16.2.14 (2024-04-11)

@​angular-devkit/build-angular

Commit	Type	Description
1068c3c73	fix	update vite to 4.5.3

18.0.0-next.2 (2024-04-03)

@​schematics/angular

Commit	Type	Description
725883713	feat	use eventCoalescing option by default (standalone bootstrap)
508d97da7	feat	use ngZoneEventCoalescing option by default (module bootstrap)
157329384	fix	add spaces around eventCoalescing option

... (truncated)

Commits

• c5f20a3 release: cut the v17.3.5 release
• 6191d06 fix(@​angular-devkit/build-angular): address `Unable to deserialize cloned dat...
• 0335d6a fix(@​angular-devkit/build-angular): remove type="text/css" from style tag
• d0bff79 release: cut the v17.3.4 release
• 84ee482 docs: replace links links to aio with links to adev
• 1128bdd fix(@​angular-devkit/build-angular): ensure esbuild-based builders exclusively...
• 1f47a10 build: update vite and undici
• 97acaff release: cut the v17.3.3 release
• 6061a0b Revert "fix(@​schematics/angular): rename SSR port env variable"
• 97da8ba build: add missing dep in test to fix CI
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​angular/cli since your current version.

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates mkdirp from 0.5.1 to 0.5.6

Commits

• 92f086d 0.5.6
• 2a28125 clean up tests
• c905d65 update minimist
• 049cf18 0.5.5
• bea6382 Remove unnecessary umask calls
• 42a012c 0.5.4
• 2867920 fix infinite loop on windows machines
• d784e70 0.5.3
• d612c5d add files list so this package isn't a monster
• b2e7ba0 0.5.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates protractor from 5.4.2 to 5.4.4

Release notes

Sourced from protractor's releases.

5.4.3

typescript 3.7 compatibility

Resolves #5348 which was causing incompatibility with TypeScript 3.7

Changelog

Sourced from protractor's changelog.

5.4.4

Fixes

• fix: security prototype pollution

5.4.3

Fixes

fix(index.ts): Fix exports to unbreak TypeScript 3.7 build

Commits

• a0ffa9b release: 5.4.4
• 8b3ebf8 fix: security prototype pollution
• 162f9e5 ci: Log sauce connect proxy to stdout, remove travis_wait, upgrade proxy to 4...
• eb1d0fc docs(release): Update release docs for 5.4 series.
• 6c46098 chore(release): Update changelog
• faf0895 fix(ci): Don't update webdriver in pretest
• d77731c fix(release): Pin CircleCI to Chrome v74
• efe7fdd chore(dependencies): Update natives, so we can continue to run Gulp on
• 0442e51 chore(release): Bugfix release 5.4.3
• 7999a08 fix(index.ts): Fix exports to unbreak TypeScript 3.7 build
• See full diff in compare view

Updates tar from 4.4.13 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.0

• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

6.1

• remove dead link to benchmarks (#313) (@​yetzt)
• add examples/explanation of using tar.t (@​isaacs)
• ensure close event is emited after stream has ended (@​webark)
• replace deprecated String.prototype.substr() (@​CommanderRoot, @​lukekarrys)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

• Address unpack race conditions using path reservations
• Change large-numbers errors from TypeError to Error
• Add TAR_* error codes
• Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
• do not treat ignored entries as an invalid archive
• drop support for node v4
• unpack: conditionally use a file mapping to write files on Windows
• Set more portable 'mode' value in portable mode
• Set portable gzip option in portable mode

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Updates yargs-parser from 13.1.1 to 18.1.3

Release notes

Sourced from yargs-parser's releases.

yargs-parser yargs-parser-v15.0.3

Bug Fixes

• build: should use releases_created when using manifest (49ea4ef)

yargs-parser yargs-parser-v15.0.2

Bug Fixes

• perf: address slow parse when using unknown-options-as-args (#400) (bc387ec)

Changelog

Sourced from yargs-parser's changelog.

18.1.3 (2020-04-16)

Bug Fixes

• setArg: options using camel-case and dot-notation populated twice (#268) (f7e15b9)

18.1.2 (2020-03-26)

Bug Fixes

• array, nargs: support -o=--value and --option=--value format (#262) (41d3f81)

18.1.1 (2020-03-16)

Bug Fixes

• __proto__ will now be replaced with ___proto___ in parse (#258), patching a potential prototype pollution vulnerability. This was reported by the Snyk Security Research Team.(63810ca)

18.1.0 (2020-03-07)

Features

• introduce single-digit boolean aliases (#255) (9c60265)

18.0.0 (2020-03-02)

⚠ BREAKING CHANGES

• the narg count is now enforced when parsing arrays.

Features

• NaN can now be provided as a value for nargs, indicating "at least" one value is expected for array (#251) (9db4be8)

17.1.0 (2020-03-01)

Features

• introduce greedy-arrays config, for specifying whether arrays consume multiple positionals (#249) (60e880a)

17.0.1 (2020-02-29)

... (truncated)

Commits

• d301a56 chore: release 18.1.3 (#269)
• f7e15b9 fix(setArg): options using camel-case and dot-notation populated twice (#268)
• 78014fc chore: release 18.1.2 (#263)
• 41d3f81 fix(array, nargs): support -o=--value and --option=--value format (#262)
• b96b989 chore: release 18.1.1 (#259)
• 63810ca fix: proto will now be replaced with proto in parse (#258)
• 48b6d9c chore: release 18.1.0 (#257)
• 9c60265 feat: introduce single-digit boolean aliases (#255)
• 87e0a21 test: use bin to enforce coverage thresholds (#256)
• 88f36c3 force release
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Updates @angular-devkit/build-angular from 0.803.22 to 0.803.29

Commits

• See full diff in compare view

Updates protractor from 5.4.4 to 7.0.0

Release notes

Sourced from protractor's releases.

5.4.3

typescript 3.7 compatibility

Resolves #5348 which was causing incompatibility with TypeScript 3.7

Changelog

Sourced from protractor's changelog.

5.4.4

Fixes

• fix: security prototype pollution

5.4.3

Fixes

fix(index.ts): Fix exports to unbreak TypeScript 3.7 build

Commits

• a0ffa9b release: 5.4.4
• 8b3ebf8 fix: security prototype pollution
• 162f9e5 ci: Log sauce connect proxy to stdout, remove travis_wait, upgrade proxy to 4...
• eb1d0fc docs(release): Update release docs for 5.4 series.
• 6c46098 chore(release): Update changelog
• faf0895 fix(ci): Don't update webdriver in pretest
• d77731c fix(release): Pin CircleCI to Chrome v74
• efe7fdd chore(dependencies): Update natives, so we can continue to run Gulp on
• 0442e51 chore(release): Bugfix release 5.4.3
• 7999a08 fix(index.ts): Fix exports to unbreak TypeScript 3.7 build
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates @babel/traverse from 7.8.3 to 7.24.1

Release notes

Sourced from @​babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16350 Fix decorated class computed keys ordering (@​JLHwung)
  • #16344 Fix decorated class static field private access (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env
  • #16329 Respect moduleName for @babel/runtime/regenerator imports (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties
  • #16331 Fix decorator memoiser binding kind (@​JLHwung)
• babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties
  • #16325 Fix decorator evaluation private environment (@​JLHwung)

📝 Documentation

• #16319 Update SECURITY.md (@​nicolo-ribaudo)

🏠 Internal

• babel-code-frameDescription has been truncated