Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

By approving this PR, you are confirming that you have adequately and effectively reviewed this change.

Searchable Hashes

• aff49b7794d9a80daf6e9b867bcad61d
• 0539905a503bbddbc65450dccefd4b9b
• 2871ca6469aada41e1eb56ca2aff7d8b
• c4b8a0a56222ded143d52db13db4d491
• 0f3d9f5fb58f76aa89215aa001cecd68
• cab9904d0709e931714372a9ddaae42d
• 62b2d9aab30bdea00fc5491c77b44f12
• 4459198ec0b9723a449ecc57e184dafb
• ad355b6df619a62e108eb6e82314c0e6
• 4338bd1be62c39ca609e0da9a8a4723a

_{The above information was added by dependabot-augmentor.}

Bumps the npm_and_yarn group with 4 updates in the /airflow/www directory: lodash, moment-timezone, npm and moment.

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates moment-timezone from 0.5.21 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

• Updated data to IANA TZDB 2021e. #962

Release 0.5.33

• Updated data to IANA TZDB 2021a. #927

Release 0.5.32

• Updated data to IANA TZDB 2020d. #910

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

• Updated data to IANA TZDB 2020a. #852
• Fixed TypeScript definitions.

NOTE: You might need to un-install @types/moment-timezone. Check #858 for more info.

Release 0.5.29

• Fixed es6 module loading issue moment/moment-timezone@1fd4234
• Fixed typescript declarations moment/moment-timezone@ed529ea
• Fixed changelog moment/moment-timezone@adb7d7b

Release 0.5.28

Merged pull request #410 from @​adgrace:

• Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
• Added a method moment.tz(timezone_id).countries() to get countries for some time zone
• Added a method moment.tz.countries() to get all country codes
• And as you know moment.tz.names() already exists

Release 0.5.27

0.5.27 2019-10-14

• Updated data to IANA TZDB `2019c

Release 0.5.26

• Updated data to IANA TZDB 2019b
• Fix: stabilize Array.sort #762

Release 0.5.25

• Fix moment.tz.dataVersion to return 2019a #742
• Update path in bower.json

Release 0.5.24

• Updated data to IANA TZDB 2019a #737

... (truncated)

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

• Fix command injection in data pipeline. GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information. GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

• Updated data to IANA TZDB 2021e. #962

0.5.33 2021-02-06

• Updated data to IANA TZDB 2021a. #927

0.5.32 2020-11-14

• Updated data to IANA TZDB 2020d. #910

0.5.31 2020-05-16

• Fixed Travis builds for Node.js 4 and 6.

0.5.30 2020-05-16

• Updated data to IANA TZDB 2020a. #852
• Fixed TypeScript definitions.

NOTE: You might need to un-install @types/moment-timezone. Check #858 for more info.

0.5.29 2020-05-16

• Merged fix of es6 module loading issue moment/moment-timezone@1fd4234
• Merged PR with TypeScript declarations moment/moment-timezone@ed529ea
• Merged fixes to changelog moment/moment-timezone@adb7d7b

0.5.28 2020-02-21

Merged pull request #410 from @​adgrace:

• Added a method moment.tz.zonesForCountry(country_code) which returns all timezones for the country
• Added a method moment.tz(timezone_id).countries() to get countries for some time zone
• Added a method moment.tz.countries() to get all country codes
• And as you know moment.tz.zones() already exists

0.5.27 2019-10-14

• Updated data to IANA TZDB 2019c.

0.5.26 2019-06-06

• Updated data to IANA TZDB 2019b.
• Fix: stabilize Array.sort #762

0.5.25 2019-04-17

• Fix moment.tz.dataVersion to return 2019a #742
• Update path in bower.json

0.5.24 2019-04-17

• Updated data to IANA TZDB 2019a #737

... (truncated)

Commits

• b8fb1ba Build moment-timezone 0.5.35
• f1b5e5a Add changelog for 0.5.35
• 8b0eb0c Bump version to 0.5.35
• 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
• ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
• 9430b4c Merge remote-tracking branch 'origin/master' into develop
• feaf900 Updated contributing.md + added 2021e files
• 704cfac updated contributing.md
• 877c863 Updated contributing.md + added 2021e files
• 5a3015c updated contributing.md
• Additional commits viewable in compare view

Updates npm from 6.4.1 to 6.14.6

Changelog

Sourced from npm's changelog.

6.14.6 (2020-07-02)

BUG FIXES

• a9857b8f6 chore: remove auth info from logs (@​claudiahdz)
• b7ad77598 #1416 fix: wrong npm doctor command result (@​vanishcode)

DEPENDENCIES

• 94eca6377 npm-registry-fetch@4.0.5 (@​claudiahdz)
• c49b6ae28 #1418 spdx-license-ids@3.0.5 (@​kemitchell)

DOCUMENTATION

• 2e052984b #1459 chore(docs): fixed links to cli commands (@​claudiahdz)
• 0ca3509ca #1283 Update npm-link.md (@​peterfich)
• 3dd429e9a #1377 Add note about dropped * filenames (@​maxwellgerber)
• 9a2e2e797 #1429 Fix typo (@​seanpoulter)

6.14.5 (2020-05-01)

BUG FIXES

• 33ec41f18 #758 fix: relativize file links when inflating shrinkwrap (@​jsnajdr)
• 94ed456df #1162 fix: npm init help output (@​mum-never-proud)

DEPENDENCIES

• 5587ac01f npm-registry-fetch@4.0.4
  • fc5d94c39 fix: removed default timeout
• 07a4d8884 graceful-fs@4.2.4
• 8228d1f2e mkdirp@0.5.5
• e6d208317 nopt@4.0.3

6.14.4 (2020-03-24)

DEPENDENCIES

• Bump minimist@1.2.5 transitive dep to resolve security issue
  • 9c554fd8c update-notifier@2.5.0
  • bump deep-extend@1.2.5
  • bump deep-extend@0.6.0
  • bump is-ci@1.2.1
  • bump is-retry-allowed@1.2.0
  • bump rc@1.2.8
  • bump registry-auth-token@3.4.0
  • bump widest-line@2.0.1

... (truncated)

Commits

• 7352eb6 6.14.6
• f8a3f0e update AUTHORS
• ccaaaab docs: changelog for 6.14.6
• 94eca63 npm-registry-fetch@4.0.5
• a9857b8 chore: remove auth info from logs
• 479e45c style: fix lint error with no trailing comma
• 1aec4cb test: add test for npm doctor that ping registry returns error
• b7ad775 fix: wrong npm doctor command result
• 9a2e2e7 docs: Fix typo
• c49b6ae spdx-license-ids@3.0.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by claudiahdz, a new releaser for npm since your current version.

Updates semver from 5.3.0 to 5.5.0

Changelog

Sourced from semver's changelog.

Changelog

7.7.2 (2025-05-12)

Bug Fixes

• fcafb61 #780 add missing 'use strict' directives (#780) (@​Fdawgs)
• c99f336 #781 prerelease identifier starting with digits (#781) (@​mbtools)

Chores

• c760403 #784 template-oss-apply for workflow permissions (#784) (@​wraithgar)
• 2677f2a #778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#778) (@​dependabot[bot], @​npm-cli-bot)

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)

... (truncated)

Commits

• 44cbc84 v5.5.0
• 1d37529 Cleaned up coerce behavior
• e7092b4 Improved coerce regex and added coerce to README.
• 68cef2d Added version coercion to the module and CLI.
• ec6f97a range.bnf: Fix invalid bracket expression
• 906b664 travis: don't cache node_modules
• 7184ff4 range.bnf: Remove unnecessary empty entry
• 0877c94 v5.4.1
• 7be83d1 Handle bad ranges in max/min satisfying
• e1c49c8 v5.4.0
• Additional commits viewable in compare view

Updates moment from 2.22.2 to 2.30.1

Changelog

Sourced from moment's changelog.

2.30.1

• Release Dec 27, 2023
• Revert moment/moment#5827, because it's breaking a lot of TS code.

2.30.0 Full changelog

• Release Dec 26, 2023

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

• Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

• Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

... (truncated)

Commits

• 485d9a7 Build 2.30.1
• e048b09 Bump version to 2.30.1
• f9f2d58 Update changelog for 2.30.1
• a52ffb2 Revert "Merge pull request #5827 from BobZombie:feature/fix_d.ts"
• ddd6809 Build 2.30.0
• be64d00 Bump version to 2.30.0
• ad41179 Update changelog for 2.30.0
• 63fe479 [misc] Make code ES6 compatible
• 0f0195f Revert "Merge pull request #5599 from Alanscut:issue_4985"
• 15b82f5 Revert "Merge pull request #5597 from Alanscut:issue-5596"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.