@dependabot dependabot bot commented on behalf of github Jan 2, 2025

Bumps the npm_and_yarn group with 2 updates: immer and shell-quote.

Updates immer from 9.0.21 to 10.0.0

Release notes

Sourced from immer's releases.

v10.0.0

10.0.0 (2023-04-17)

Release notes

  • [breaking change] Immer 10 only supports modern browsers, that have support for Proxy, Reflect, Symbol and Map and Set.
  • [breaking change] There is no longer a UMD build exposed (thanks Mark Erikson for modernizing the build setup in #1032!)
  • [breaking change] getters and setters are ignored by default on plain objects, as this is a very uncommon case and provides a significant performance boost (ca 33%, but depends a lot on the scenario). Fixes #867, #1012. Thanks hrsh7th for implementing it in #941!
  • [breaking change] Promise based reducers are no longer supported. Conceptually it is an anti pattern to hold on to drafts over time. If needed the old behavior can still be achieved by leveraging createDraft and finishDraft.
  • [breaking change] ES5 mode (for legacy browsers) has been dropped. If your project relies on enableES5(), you SHOULD NOT upgrade Immer. enableES5 has been removed.
  • [breaking change] produce is no longer exposed as the default export. This improves ecosystem compatibility, and makes sure that there is only one correct way of doing things.
  • [breaking change] enableAllPlugins has been removed, use enablePatches(); enableMapSet() instead
  • [breaking change] shortening the length of a JSON array now results in delete patches, rather than a mutation of the length property, in accordance with JSON spec. Thanks kshramt for implementing this in #964!
  • Immer is now an ESM package that can be directly imported into the browser. CJS should still work, UMD support has been removed.

Overall, there is a rough performance increase of 33% for Immer (and in some cases significantly higher), and the (non gzipped) bundle size has reduced from 16 to 11.5 KB, while the minimal gzipped import of just produce has remained roughly the same at 3.3 KB.

For more details, see #1015

Migration steps

  1. If you have any enableES5() call, don't migrate
  2. When using getters/setters icmw plain objects, call useStrictShallowCopy(true) at startup
  3. Replace all default imports: Replace import produce from "immer" with import {produce} from "immer"
  4. Replace all calls to enableAllPlugins() with enablePatches(); enableMapSet(); to be more specific and smoothen future migrations.
  5. If any producer returned a Promise, refactor it to leverage createDraft instead. Roughly:

     const newState = await produce(oldState, recipe)
     // becomes
     const draft = createDraft(oldState)
     await recipe(draft)
     const newState = finishDraft(draft)

Commits
  • 2ef9a42 Merge pull request #1028 from immerjs/immer-10
  • 41ebbbc Restore mangleProps
  • 6f2a12b Merge branch 'markerikson-feature/build-tsup' into immer-10
  • 46cd1d5 Minor build fixes after tsup migration
  • d5be8f2 Remove tsdx
  • d897c6b Micro-optimize Object.getPrototypeOf uses
  • 3ad1df5 Use tsup to build and modernize build artifacts
  • 17cfe4e Output modern JS syntax
  • 3c1a668 Add tsup
  • 48204c9 fix issue where deleting non-existing properties fails
  • Additional commits viewable in compare view

Updates shell-quote from 1.7.2 to 1.8.0

Changelog

Sourced from shell-quote's changelog.

v1.8.0 - 2023-01-30

Commits

  • [New] extract parse and quote to their own deep imports 553fdfc
  • [Tests] add nyc coverage fd7ddcd
  • [New] Add support for here strings (<<<) 9802fb3
  • [New] parse: Add syntax support for duplicating input file descriptors 216b198
  • [Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31
  • [Tests] add evalmd c5549fc
  • [actions] update checkout action 62e9b49

v1.7.4 - 2022-10-12

Merged

Commits

  • [eslint] fix indentation and whitespace aaa9d1f
  • [eslint] additional cleanup 397cb62
  • [meta] add auto-changelog 497fca5
  • [actions] add reusable workflows 4763c36
  • [eslint] add eslint 6ee1437
  • [readme] rename, add badges 7eb5134
  • [meta] update URLs 67381b6
  • [meta] create FUNDING.yml; add funding in package.json 8641572
  • [meta] use npmignore to autogenerate an npmignore file 2e2007a
  • Only apps should have lockfiles f97411e
  • [Dev Deps] update tape 051f608
  • [meta] add safe-publish-latest 18cadf9
  • [Tests] add aud in posttest dc1cc12

v1.7.3 - 2021-10-20

  • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

Commits

  • 508e2f9 v1.8.0
  • fd7ddcd [Tests] add nyc coverage
  • 9802fb3 [New] Add support for here strings (<<<)
  • 216b198 [New] parse: Add syntax support for duplicating input file descriptors
  • c5549fc [Tests] add evalmd
  • 553fdfc [New] extract parse and quote to their own deep imports
  • 85f8e31 [Dev Deps] update @ljharb/eslint-config, aud, tape
  • 62e9b49 [actions] update checkout action
  • 5409e72 v1.7.4
  • 4763c36 [actions] add reusable workflows
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 2 updates: [immer](https://github.com/immerjs/immer) and [shell-quote](https://github.com/ljharb/shell-quote).


Updates `immer` from 9.0.21 to 10.0.0
- [Release notes](https://github.com/immerjs/immer/releases)
- [Commits](immerjs/immer@v9.0.21...v10.0.0)

Updates `shell-quote` from 1.7.2 to 1.8.0
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.7.2...v1.8.0)

---
updated-dependencies:
- dependency-name: immer
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner January 2, 2025 18:32
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 2, 2025
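
As an added example (not part of this pull request or of Dependabot's output): shell-quote is an indirect dependency here, and a lockfile can hold more than one copy of it, so it is worth confirming that no copy remains below 1.7.3, the release the changelog above lists as fixing CVE-2021-42740. The sketch assumes an npm package-lock.json with the lockfileVersion 2/3 `packages` layout; the sample lockfile and every package name in it other than immer and shell-quote are constructed.

```javascript
// Added example: flag installed copies of a package that are older than a fixed
// release, using the "packages" map of an npm package-lock.json (v2/v3 layout).

const FIXED_IN = "1.7.3"; // CVE-2021-42740 fix, per the shell-quote changelog above

// Compare two x.y.z versions numerically; returns <0, 0 or >0.
// Pre-release/build suffixes are ignored, so "1.7.3-rc.1" compares equal to "1.7.3".
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every installed copy of `name`, nested ones included, below `fixedIn`.
function findVulnerableCopies(lock, name, fixedIn) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/shell-quote";
    // the text after the last "node_modules/" is the installed package name.
    const installed = path.split("node_modules/").pop();
    if (installed !== name || !meta.version) continue;
    if (compareVersions(meta.version, fixedIn) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is bumped, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-docs-site" },
    "node_modules/immer": { version: "10.0.0" },
    "node_modules/shell-quote": { version: "1.8.0" },
    "node_modules/legacy-tool/node_modules/shell-quote": { version: "1.7.2" },
    "node_modules/@scope/shell-quote-helper": { version: "0.1.0" },
  },
};

const findings = findVulnerableCopies(sampleLock, "shell-quote", FIXED_IN);
console.log(findings);
```

To run it against a real project, pass the parsed contents of package-lock.json in place of `sampleLock`.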

netlify bot commented Jan 2, 2025

Deploy Preview for replicated-docs ready!

Name Link
🔨 Latest commit b38b7bf
🔍 Latest deploy log https://app.netlify.com/sites/replicated-docs/deploys/6776dbd05550310008336229
😎 Deploy Preview https://deploy-preview-2928--replicated-docs.netlify.app

To edit notification comments on pull requests, go to your Netlify site configuration.


netlify bot commented Jan 2, 2025

Deploy Preview for replicated-docs-upgrade ready!

Name Link
🔨 Latest commit b38b7bf
🔍 Latest deploy log https://app.netlify.com/sites/replicated-docs-upgrade/deploys/6776dbd07a6859000890ff6e
😎 Deploy Preview https://deploy-preview-2928--replicated-docs-upgrade.netlify.app

To edit notification comments on pull requests, go to your Netlify site configuration.

@paigecalvert paigecalvert merged commit 04801c7 into main Jan 7, 2025
4 of 6 checks passed
@paigecalvert paigecalvert deleted the dependabot/npm_and_yarn/npm_and_yarn-6fa7cec6c8 branch January 7, 2025 17:22
Labels: dependencies (Pull requests that update a dependency file), type::security
