Bump the npm_and_yarn group across 4 directories with 49 updates

[dependabot]

Bumps the npm_and_yarn group with 21 updates in the /demos/DonateNow/front directory:

Package	From	To
node-sass	4.12.0	9.0.0
grunt-karma	3.0.2	4.0.2
@babel/traverse	7.0.0-beta.44	7.24.7
babel-eslint	8.2.6	10.1.0
ansi-regex	3.0.0	5.0.1
follow-redirects	1.5.10	1.15.9
@nuxtjs/axios	5.5.4	5.13.6
braces	2.3.2	3.0.3
globby	8.0.2	14.0.2
grunt-cli	1.3.2	1.5.0
nodemon	1.19.1	1.19.1
elliptic	6.5.7	6.6.1
got	6.7.1	removed
nodemon	1.19.1	3.1.7
ini	1.3.5	1.3.8
loader-utils	1.2.3	1.4.2
postcss	8.4.39	8.4.49
rollup	2.79.1	2.79.2
secp256k1	3.7.1	3.8.1
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2
vite	3.2.10	3.2.11

Bumps the npm_and_yarn group with 22 updates in the /demos/TinyDice/front directory:

Package	From	To
@babel/traverse	7.0.0-beta.44	7.25.4
babel-eslint	8.2.6	10.1.0
tar	4.4.8	6.2.1
ajv	6.10.2	6.12.6
ansi-regex	3.0.0	4.1.1
ansi-regex	4.1.0	4.1.1
follow-redirects	1.15.6	1.15.9
json5	1.0.1	2.2.3
braces	2.3.2	3.0.3
nodemon	1.19.1	1.19.1
decode-uri-component	0.2.0	0.2.2
dot-prop	4.2.0	4.2.1
elliptic	6.5.4	removed
tronweb	5.3.2	6.0.0
fsevents	1.2.9	2.3.3
got	6.7.1	removed
nodemon	1.19.1	3.1.7
ini	1.3.5	1.3.8
loader-utils	1.2.3	1.4.2
postcss	8.4.41	8.4.49
rollup	4.21.1	4.28.0
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2
vite	5.4.2	5.4.11

Bumps the npm_and_yarn group with 17 updates in the /documentation/home directory:

Package	From	To
node-sass	4.14.1	9.0.0
@babel/traverse	7.17.3	7.25.9
ajv	5.5.2	6.12.6
@vue/cli-plugin-eslint	3.12.1	5.0.8
ansi-regex	3.0.0	4.1.1
async	2.6.3	2.6.4
follow-redirects	1.14.9	1.15.9
json5	2.2.0	2.2.3
json5	1.0.1	2.2.3
find-babel-config	1.2.0	1.2.2
@vue/cli-service	3.12.1	5.0.8
decode-uri-component	0.2.0	0.2.2
elliptic	6.5.4	6.6.1
vue	2.6.14	3.0.0
tough-cookie	2.5.0	removed
@vue/cli-plugin-babel	3.12.1	5.0.8
@vue/cli-plugin-pwa	3.12.1	5.0.8
vue-template-compiler	2.6.14	2.7.16

Bumps the npm_and_yarn group with 2 updates in the /js-sdk directory: grunt-karma and karma.

Updates node-sass from 4.12.0 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

• Node 20 support by @​nschonni in sass/node-sass#3355

Breaking changes

• Drop support for Node 14 (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

• Fix binaries being partially downloaded by @​xzyfer in sass/node-sass#3313
• Bump node-gyp and nan for node 19 support by @​xzyfer in sass/node-sass#3314
• feat: Node 18 and 19 support and drop Node 17 by @​nschonni in sass/node-sass#3257

Breaking changes

• Drop support for Node 12 (@​nschonni)
• Drop support for Node 17 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 18 (@​nschonni)
• Add support for Node 19 (@​nschonni)
• Replace request with make-fetch-happen (@​CamilleDrapier @​xzyfer, #3193, #3313)

Dependencies

• Bump true-case-path@2.2.1
• Bump node-gyp @​9.0.0
• Bump nan@^2.17.0
• Bump sass-graph@^4.0.1

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

... (truncated)

Changelog

Sourced from node-sass's changelog.

v4.14.0

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

Commits

• 87f3899 feat: Node 20 support (#3355)
• 06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
• e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
• c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
• ee13eb9 8.0.0
• 98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
• e9bb866 Bump node-gyp and nan for node 19 support (#3314)
• ab7840b Fix binaries being partially downloaded (#3313)
• d595abf 7.0.3
• 3b556c1 7.0.2
• Additional commits viewable in compare view

Updates grunt-karma from 3.0.2 to 4.0.2

Release notes

Sourced from grunt-karma's releases.

v4.0.2

4.0.2 (2021-05-11)

Bug Fixes

• karma: accept karma 6.x in peerDependencies (#303) (fe01a67)

v4.0.1

4.0.1 (2021-05-11)

Bug Fixes

• karma: use recommended parseConfig pattern for Karma 6 (#297) (a38d9a9)

v4.0.0

4.0.0 (2020-04-14)

chore

• ci: support semanitic-release (#277) (caba218)

BREAKING CHANGES

• ci: drop support for nodejs <8

Changelog

Sourced from grunt-karma's changelog.

4.0.2 (2021-05-11)

Bug Fixes

• karma: accept karma 6.x in peerDependencies (#303) (fe01a67)

4.0.1 (2021-05-11)

Bug Fixes

• karma: use recommended parseConfig pattern for Karma 6 (#297) (a38d9a9)

4.0.0 (2020-04-14)

chore

• ci: support semanitic-release (#277) (caba218)

BREAKING CHANGES

• ci: drop support for nodejs <8

Commits

• f961953 chore(release): 4.0.2 [skip ci]
• fe01a67 fix(karma): accept karma 6.x in peerDependencies (#303)
• 88e5200 chore(release): 4.0.1 [skip ci]
• a38d9a9 fix(karma): use recommended parseConfig pattern for Karma 6 (#297)
• c547a61 chore(deps): bump lodash from 4.17.13 to 4.17.19 (#289)
• 45b9259 chore(deps): bump grunt from 1.0.1 to 1.1.0 (#285)
• a6d4fc9 chore(deps): bump underscore.string from 3.3.4 to 3.3.5 (#281)
• 909bc28 chore(deps): bump lodash.merge from 4.6.1 to 4.6.2 (#280)
• d030e08 chore(deps): bump acorn from 5.7.2 to 5.7.4 (#282)
• 658a272 chore(deps): bump handlebars from 4.0.12 to 4.7.6 (#284)
• Additional commits viewable in compare view

Updates @babel/traverse from 7.0.0-beta.44 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other
  • #16466 Migrate import assertions syntax (@​JLHwung)

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• 07bd000 Improve getBindingIdentifiers (#16544)
• 17a5502 [Babel 8] Remove extra.shorthand (#16521)
• 7934963 Use type: module in all package.jsons (#16535)
• 9630250 v7.24.6
• 1f010df Explicitly define NodePath.prototype.* (#16488)
• 6e3539b [babel 8] Publish .d.ts files for every package (#16416)
• e37e64d Use eslint v9 (#16479)
• 3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nicolo-ribaudo, a new releaser for @​babel/traverse since your current version.

Updates babel-eslint from 8.2.6 to 10.1.0

Release notes

Sourced from babel-eslint's releases.

v10.1.0

• Added ability to parse Flow enums #812 (@​gkz)

v10.0.3

Fixes babel/babel-eslint#791, also eslint/eslint#12117

Some context: babel/babel-eslint#793

We ended up going with @​JLHwung's PR babel/babel-eslint#794 which uses ESLint's deps instead of going with peerDeps since it really depends on the version being used and we don't want users to have to install it directly on their own.

babel-eslint is patching patches of the dependencies of ESLint itself so these kinds of issues have happened in the past. We'll need to look into figuring out how to have a more solid way of modifying behavior instead of this monkeypatching type of thing for future releases.

v10.0.2

Fixes babel/babel-eslint#772

v10.0.1

• Reverting babel/babel-eslint#584

The TypeAlias "conversion" to a function has issues. Sounds like we need to rethink the change, most likely we can just actually change the scoping rather than hardcode an AST change.

v10.0.0

Small breaking change: add a peerDependency starting from the ESLint version that added a parser feature that we were monkeypatching before (and drop that code). If already using ESLint 5 shouldn't be any different.

• Bugfix for TypeAlias: babel/babel-eslint#584

/* @flow */
type Node<T> = { head: T; tail: Node<T> }
// or
type File = {chunks: Array<Chunk>}
type Chunk = {file: File}

• Update to test against ESLint 5, add a peerDependency: babel/babel-eslint#689
• Drop monkeypatching behavior: babel/babel-eslint#690

v9.0.0

We've released v7: https://twitter.com/left_pad/status/1034204330352500736, so this just updates babel-eslint to use those versions internally. That in itself doesn't break anything but:

• Babel now supports the new decorators proposal by default, so we need to switch between the new and the old proposal. This is a breaking change.

To enable the legacy decorators proposal users should add a specific parser option:

{
</tr></table> 

... (truncated)

Commits

• 4bd049e 10.1.0
• 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (#812)
• 183d13e 10.0.3
• 354953d fix: require eslint dependencies from eslint base (#794)
• 48f6d78 10.0.2
• 0241b48 removed unused file reference (#773)
• 4cf0a21 10.0.1
• 98c1f13 Revert #584 (#697)
• 8f78e28 10.0.0
• 717fba7 test value should be switched
• Additional commits viewable in compare view

Updates tar from 2.2.2 to 4.4.8

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

6.1

• remove dead link to benchmarks (#313) (@​yetzt)
• add examples/explanation of using tar.t (@​isaacs)
• ensure close event is emited after stream has ended (@​webark)

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Updates ansi-regex from 3.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Updates follow-redirects from 1.5.10 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates @nuxtjs/axios from 5.5.4 to 5.13.6

Release notes

Sourced from @​nuxtjs/axios's releases.

v5.13.6

Bug Fixes

• setHeader function returns after the first scope element (#507) (cb5e29d)

v5.13.5

Bug Fixes

• only transpile defu for client bundle (resolves #501) (ec2eb0a)

v5.13.4

Bug Fixes

• build.transpile guard for nuxt@1.x (fixes #498) (66d56ab)

v5.13.3

Bug Fixes

• transpile defu (cf1a03f), closes unjs/defu#28

v5.13.2

Dependencies:

• Update defu to 5.x

v5.13.1

Bug Fixes

• types: add missing type for create() (#475) (62f17ca)
• types: update interceptors type (#476) (ecfab9a)

v5.13.0

Features

• Support baseUrl and browserBaseUrl to handle casing typos (8904847)

Bug Fixes

• Add x-forwarded-port and x-forwarded-proto to proxyHeaderIgnore defaults (#465) (a1a1894)

v5.12.5

Bug Fixes

• add x-forwarded-host to proxyHeaderIgnore defaults (#462) (433548b), closes #456

Dependencies

• Update axios to ^0.21.1 (axios/axios#3410) (nuxt-community/axios-module#460)

... (truncated)

Changelog

Sourced from @​nuxtjs/axios's changelog.

5.13.6 (2021-06-02)

Bug Fixes

• setHeader function returns after the first scope element (#507) (cb5e29d)

5.13.5 (2021-05-26)

Bug Fixes

• only transpile defu for client bundle (resolves #501) (ec2eb0a)

5.13.4 (2021-05-18)

Bug Fixes

• build.transpile guard for nuxt@1.x (fixes #498) (66d56ab)

5.13.3 (2021-05-17)

Bug Fixes

• transpile defu (cf1a03f), closes unjs/defu#28

5.13.2 (2021-05-17)

5.13.1 (2021-02-08)

Bug Fixes

• types: add missing type for create() (#475) (62f17ca)
• types: update interceptors type (#476) (ecfab9a)

5.13.0 (2021-02-01)

Features

• support baseUrl and browserBaseUrl to handle casing typos (8904847)

Bug Fixes

• add x-forwarded-port and x-forwarded-proto to proxyHeaderIgnore defaults (#465) (a1a1894)

... (truncated)

Commits

• 2796fa4 chore(release): 5.13.6
• d94b5d1 chore(deps): update all non-major dependencies (#478)
• cb5e29d fix: setHeader function returns after the first scope element (#507)
• bfaa9b2 docs(options): update grammar (#503)
• a9e4867 chore(release): 5.13.5
• ec2eb0a fix: only transpile defu for client bundle (resolves #501)
• 3759157 chore(release): 5.13.4
• 66d56ab fix: build.transpile guard for nuxt@1.x (fixes #498)
• 7e4a070 chore(release): 5.13.3
• cf1a03f fix: transpile defu
• Additional commits viewable in compare view

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates globby from 8.0.2 to 14.0.2

Release notes

Sourced from globby's releases.

v14.0.2

• Fix types f600250

sindresorhus/globby@v14.0.1...v14.0.2

v14.0.1

• Fix expandDirectories.extension option (#263) af5d139
• Fix read permission error on ignore files search (#259) 3a28601

sindresorhus/globby@v14.0.0...v14.0.1

v14.0.0

Breaking

• Require Node.js 18 2c06ae5

Improvements

• Add convertPathToPattern() method 3bd00a6

sindresorhus/globby@v13.2.2...v14.0.0

v13.2.2

• Update dependencies (#253) 0ae43b9

sindresorhus/globby@v13.2.1...v13.2.2

v13.2.1

• Fix ignore and expandDirectories default handling (#252) 3a48eb9

sindresorhus/globby@v13.2.0...v13.2.1

v13.2.0

• Pass deep option to ignore filter to avoid unnecessary recursion (#251) a0e4028

sindresorhus/globby@v13.1.4...v13.2.0

v13.1.4

• Fix error when reading inaccessible directories with gitignore: true and suppressErrors: true (#246) e95da57
• Remove URL TypeScript type workaround (#230) 55a3c64

sindresorhus/globby@v13.1.3...v13.1.4

v13.1.3

• Fix an edge-case bug (#242) 917670c

sindresorhus/globby@v13.1.2...v13.1.3

v13.1.2

• Make ignoreFiles option accept readonly arrays (

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security]

Report too large to display inline

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
License Policy Violation	npm/glob@7.2.3	License: CC-BY-SA-4.0 - Not allowed by license policy (package/LICENSE, package/LICENSE)	demos/DonateNow/front/package-lock.json	⚠︎
License Policy Violation	npm/node-forge@1.3.1	License: GPL-2.0 - Not allowed by license policy (npm metadata, package/LICENSE, package/package.json, package/flash/package.json)	documentation/home/package-lock.json	⚠︎
Critical CVE	npm/minimist@0.0.8	CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: < 0.2.4 Patched version: 0.2.4	documentation/home/package-lock.json	⚠︎
Critical CVE	npm/babel-traverse@6.26.0	CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL) Affected versions: < 7.23.2 Patched version: No patched versions	demos/DonateNow/front/package-lock.json	⚠︎
Critical CVE	npm/getobject@0.1.0	CVE: GHSA-957j-59c2-j692 Prototype pollution in getobject (CRITICAL) Affected versions: < 1.0.0 Patched version: 1.0.0	demos/DonateNow/front/package-lock.json	⚠︎
License Policy Violation	npm/node-sass@9.0.0	License: GPL-2.0-only - Not allowed by license policy (package/src/libsass/script/tap-driver)	documentation/home/package-lock.json documentation/home/package.json	⚠︎
Critical CVE	npm/handlebars@4.2.1	CVE: GHSA-f2jv-r9rf-7988 Remote code execution in handlebars when compiling templates (CRITICAL) Affected versions: < 4.7.7 Patched version: 4.7.7	demos/DonateNow/front/package-lock.json	⚠︎
Critical CVE	npm/handlebars@4.2.1	CVE: GHSA-765h-qjxv-5f44 Prototype Pollution in handlebars (CRITICAL) Affected versions: < 4.7.7 Patched version: 4.7.7	demos/DonateNow/front/package-lock.json	⚠︎
Critical CVE	npm/handlebars@4.2.1	CVE: GHSA-w457-6q6x-cgp9 Prototype Pollution in handlebars (CRITICAL) Affected versions: >= 4.0.0, < 4.3.0 Patched version: 4.3.0	demos/DonateNow/front/package-lock.json	⚠︎
License Policy Violation	npm/caniuse-lite@1.0.30001639	License: CC-BY-4.0 - Not allowed by license policy (npm metadata, package/LICENSE, package/package.json)	documentation/home/package-lock.json	⚠︎

View full report↗︎

Next steps

What is a license policy violation?

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Find a package that does not violate your license policy or adjust your policy to allow this package's license.

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/glob@7.2.3
• @SocketSecurity ignore npm/node-forge@1.3.1
• @SocketSecurity ignore npm/minimist@0.0.8
• @SocketSecurity ignore npm/babel-traverse@6.26.0
• @SocketSecurity ignore npm/getobject@0.1.0
• @SocketSecurity ignore npm/node-sass@9.0.0
• @SocketSecurity ignore npm/handlebars@4.2.1
• @SocketSecurity ignore npm/caniuse-lite@1.0.30001639