Bump minimatch, archiver and glob

[dependabot]

Bumps minimatch to 5.1.6 and updates ancestor dependencies minimatch, archiver and glob. These dependencies need to be updated together.

Updates minimatch from 3.0.4 to 5.1.6

Changelog

Sourced from minimatch's changelog.

change log

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

• Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

• Add nocaseMagicOnly flag

6.1

• Handle UNC paths on Windows

  This adds some slightly modified behavior when a pattern or path starts with // on Windows.

  • In the case of //?/<drive letter>:/..., the ? is treated as a literal character, rather than a wildcard. That is, //?/c: will not match //x/c:.
  • UNC patterns starting with //?/<drive letter>:/ will match file paths starting with <drive letter>: if the drive letters match case-insensitively.
  • File paths starting with //?/<drive letter>:/ will match file patterns starting with <drive letter>: if the drive letters match case-insensitively.

• Add {preserveMultipleSlashes:true} option to suppress the behavior where multiple consecutive / characters would be effectively coerced into a single path portion separator.

6.0

• hybrid module supporting both require() and import
• exported types

... (truncated)

Commits

• 3e216b9 5.1.6
• 4d0b7f5 Detect leading dots in extglob subpatterns
• 9556826 5.1.5
• 919c856 Count closing parens when closing excess open parens
• 8d5cd74 publish legacy v5 version
• 857a631 5.1.4
• d2c654d Do not apply magic unnecessarily for nocase
• 5878cf2 chore: add copyright year to license
• 9b42a9c 5.1.3
• 49ae7a2 Fix end-anchoring of negative extglobs
• Additional commits viewable in compare view

Updates archiver from 0.10.1 to 5.3.1

Release notes

Sourced from archiver's releases.

5.3.1

What’s changed

Maintenance

• Test against node v16 @​ctalkington (#545)

Dependency updates

• Bump mocha from 8.3.0 to 9.0.2 @​dependabot (#526)
• Bump actions/setup-node from 2.1.5 to 2.2.0 @​dependabot (#525)
• Bump jsdoc from 3.6.6 to 3.6.7 @​dependabot (#516)
• Bump lodash from 4.17.19 to 4.17.21 @​dependabot (#514)
• Bump chai from 4.3.3 to 4.3.4 @​dependabot (#508)
• Bump actions/setup-node from 2.2.0 to 2.3.0 @​dependabot (#528)
• Bump mocha from 9.0.2 to 9.1.0 @​dependabot (#544)
• Bump async from 3.2.0 to 3.2.1 @​dependabot (#538)
• Bump actions/checkout from 2.3.4 to 3.0.1 @​dependabot (#586)
• Bump actions/setup-node from 2.3.0 to 3.1.1 @​dependabot (#585)
• Bump jsdoc from 3.6.7 to 3.6.10 @​dependabot (#566)
• Bump async from 3.2.1 to 3.2.3 @​dependabot (#562)
• Bump mocha from 9.1.0 to 9.2.2 @​dependabot (#580)
• Bump tar from 6.1.0 to 6.1.11 @​dependabot (#546)
• Bump chai from 4.3.4 to 4.3.6 @​dependabot (#568)

5.3.0

Maintenance

• Bump chai from 4.3.0 to 4.3.3 (#505)
• Bump zip-stream from 4.0.4 to 4.1.0 (#504)
• Bump mocha from 8.2.1 to 8.3.0 (#499)
• Bump actions/setup-node from v2.1.4 to v2.1.5 (#500)
• Bump tar from 6.0.5 to 6.1.0 (#487)
• Bump chai from 4.2.0 to 4.3.0 (#496)
• Bump tar-stream from 2.1.4 to 2.2.0 (#485)
• Bump actions/setup-node from v2.1.3 to v2.1.4 (#483)
• Update progress example (#384)

5.2.0

Features

• Finalize should always return a promise (#480)

Maintenance

• Update README.md (#478)
• Fix finalize method jsdoc return type (#482)
• Bump actions/setup-node from v2.1.2 to v2.1.3 (#479)

5.1.0

... (truncated)

Changelog

Sourced from archiver's changelog.

Changelog

5.3.1 - April 15, 2022 — Diff

Maintenance

• Test against node v16 @​ctalkington (#545)

Dependency updates

• Bump mocha from 8.3.0 to 9.0.2 @​dependabot (#526)
• Bump actions/setup-node from 2.1.5 to 2.2.0 @​dependabot (#525)
• Bump jsdoc from 3.6.6 to 3.6.7 @​dependabot (#516)
• Bump lodash from 4.17.19 to 4.17.21 @​dependabot (#514)
• Bump chai from 4.3.3 to 4.3.4 @​dependabot (#508)
• Bump actions/setup-node from 2.2.0 to 2.3.0 @​dependabot (#528)
• Bump mocha from 9.0.2 to 9.1.0 @​dependabot (#544)
• Bump async from 3.2.0 to 3.2.1 @​dependabot (#538)
• Bump actions/checkout from 2.3.4 to 3.0.1 @​dependabot (#586)
• Bump actions/setup-node from 2.3.0 to 3.1.1 @​dependabot (#585)
• Bump jsdoc from 3.6.7 to 3.6.10 @​dependabot (#566)
• Bump async from 3.2.1 to 3.2.3 @​dependabot (#562)
• Bump mocha from 9.1.0 to 9.2.2 @​dependabot (#580)
• Bump tar from 6.1.0 to 6.1.11 @​dependabot (#546)
• Bump chai from 4.3.4 to 4.3.6 @​dependabot (#568)

5.3.0 - March 7, 2021 — Diff

Maintenance

• Bump chai from 4.3.0 to 4.3.3 (#505)
• Bump zip-stream from 4.0.4 to 4.1.0 (#504)
• Bump mocha from 8.2.1 to 8.3.0 (#499)
• Bump actions/setup-node from v2.1.4 to v2.1.5 (#500)
• Bump tar from 6.0.5 to 6.1.0 (#487)
• Bump chai from 4.2.0 to 4.3.0 (#496)
• Bump tar-stream from 2.1.4 to 2.2.0 (#485)
• Bump actions/setup-node from v2.1.3 to v2.1.4 (#483)
• Update progress example (#384)

5.2.0 - January 6, 2021 — Diff

Features

• Finalize should always return a promise (#480)

Maintenance

• Fix finalize method jsdoc return type (#482)

... (truncated)

Commits

• b5cc14c bump version for release
• 5c33054 Update CHANGELOG.md
• f8edcbb Update CHANGELOG.md
• 947cc22 Update release-drafter.yml
• 4c16e9d Update release-drafter.yml
• e312fe0 Update release-drafter.yml
• 1b4907f Create labels.yaml
• e4d4018 Create labels.yml
• 47bd20e Bump chai from 4.3.4 to 4.3.6 (#568)
• d508cfa Bump tar from 6.1.0 to 6.1.11 (#546)
• Additional commits viewable in compare view

Updates glob from 4.0.6 to 8.1.0

Changelog

Sourced from glob's changelog.

8.1

• Add windowsPathsNoEscape option

8.0

• Only support node v12 and higher
• \ is now only used as an escape character, and never as a path separator in glob patterns, so that Windows users have a way to match against filenames containing literal glob pattern characters.
• Glob pattern paths must use forward-slashes as path separators, since \ is an escape character to match literal glob pattern characters.
• (8.0.2) cwd and root will always be automatically coerced to use / as path separators on Windows, as they cannot contain glob patterns anyway, and are often supplied by path.resolve() and other methods that will use \ path separators by default.

7.2

• Add fs option to allow passing virtual filesystem

7.1

• Ignore stat errors that are not ENOENT to work around Windows issues.
• Support using root and absolute options together
• Bring back lumpy space princess
• force 'en' locale in string sorting

7.0

• Raise error if options.cwd is specified, and not a directory

6.0

• Remove comment and negation pattern support
• Ignore patterns are always in dot:true mode

5.0

• Deprecate comment and negation patterns
• Fix regression in mark and nodir options from making all cache keys absolute path.
• Abort if fs.readdir returns an error that's unexpected
• Don't emit match events for ignored items
• Treat ENOTSUP like ENOTDIR in readdir

4.5

... (truncated)

Commits

• 1b6bf20 8.1.0
• 1756fcc add windowsPathsNoEscape option
• af57da2 update tap, libtap
• e19db65 Remove dependency on path-is-absolute
• d844b2c 8.0.3
• fc717ba [Refactor] use more explicit assert.ok
• d13cb06 8.0.2
• af4207b changelog updates re path separator handling
• 0049e9a always coerce cwd, root to '/' separated paths
• a8a3682 remove path-is-absolute
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.