build(deps): bump the npm_and_yarn group across 1 directory with 32 updates

[dependabot]

Bumps the npm_and_yarn group with 25 updates in the / directory:

Package	From	To
ansi-regex	3.0.0	3.0.1
chownr	1.0.1	1.1.0
ini	1.3.4	1.3.6
npm-user-validate	1.0.0	1.0.1
request	2.81.0	2.88.2
ssri	4.1.6	6.0.2
tar	4.0.1	6.2.1
marked	0.3.6	4.0.10
yargs-parser	5.0.0	15.0.3
libnpx	9.6.0	10.2.4
nyc	11.1.0	11.9.0
minimist	1.2.0	1.2.8
mkdirp	0.5.1	0.5.6
tap	10.7.2	10.7.3
fstream	1.0.11	1.0.12
http-cache-semantics	3.7.3	4.1.1
npm-profile	2.0.4	9.0.0
pacote	6.0.2	17.0.6
bl	0.9.5	removed
nano	6.4.0	10.1.3
hoek	2.16.3	removed
request	2.81.0	2.88.2
nano	6.4.0	10.1.3
tap	10.7.3	18.7.2
decode-uri-component	0.2.0	0.2.2
shelljs	0.5.3	removed
standard	6.0.8	17.1.0
dot-prop	4.1.1	4.2.1

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

• f545bdb 3.0.1
• c57d4c2 fix a few old XO issues for backport
• 419250f Fix potential ReDoS (#37)
• See full diff in compare view

Updates chownr from 1.0.1 to 1.1.0

Commits

• 76c21fa 1.1.0
• e8f0dc7 auto-publish scripts
• b196e0e add tests for old readdir support
• e06dd8a Avoid unnecessary stats on node v10.10 and above
• 36a93e3 use lchown to address part 1 of TOCTOU issue
• a631d84 use lchown instead of chown, if available
• cdd4ce7 use modern JavaScript
• d548650 update tap
• 924de1e update travis
• See full diff in compare view

Updates ini from 1.3.4 to 1.3.6

Commits

• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• 738eca5 v1.3.5
• da3e2c4 ignore coverage
• 9868eb4 package lock
• 6d8b7c8 auto-publish scripts
• ca69873 bring test coverage up to 100%
• 2ad741b update standard for more standardizations
• ad2b547 Update tap and travis
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates npm-user-validate from 1.0.0 to 1.0.1

Changelog

Sourced from npm-user-validate's changelog.

Changelog

2.0.0 (2022-12-12)

⚠️ BREAKING CHANGES

• this package is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

• 4cca0be #22 add template-oss (@​lukekarrys)

Commits

• 5c5471c 1.0.1
• c8a87da fix: update email validation
• cd75393 Publish only the minimum of files
• See full diff in compare view

Updates request from 2.81.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

v2.87.0 (2018/05/21)

• #2943 Replace hawk dependency with a local implemenation (#2943) (@​hueniverse)

v2.86.0 (2018/05/15)

• #2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@​ChALkeR)
• #2942 Make Test GREEN Again! (@​simov)
• #2923 Alterations for failing CI tests (@​gareth-robinson)

v2.85.0 (2018/03/12)

• #2880 Revert "Update hawk to 7.0.7 (#2880)" (@​simov)

v2.84.0 (2018/03/12)

• #2793 Fixed calculation of oauth_body_hash, issue #2792 (@​dvishniakov)
• #2880 Update hawk to 7.0.7 (#2880) (@​kornel-kedzierski)

v2.83.0 (2017/09/27)

• #2776 Updating tough-cookie due to security fix. (#2776) (@​karlnorling)

v2.82.0 (2017/09/19)

• #2703 Add Node.js v8 to Travis CI (@​ryysud)
• #2751 Update of hawk and qs to latest version (#2751) (@​Olivier-Moreau)
• #2658 Fixed some text in README.md (#2658) (@​Marketionist)
• #2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@​greenkeeperio-bot)
• #2641 Update README to simplify & update convenience methods (#2641) (@​FredKSchott)
• #2541 Add convenience method for HTTP OPTIONS (#2541) (@​jamesseanwright)
• #2605 Add promise support section to README (#2605) (@​FredKSchott)
• #2579 refactor(lint): replace eslint with standard (#2579) (@​ahmadnassri)
• #2598 Update codecov to version 2.0.2 🚀 (@​greenkeeperio-bot)
• #2590 Adds test-timing keepAlive test (@​nicjansma)
• #2589 fix tabulation on request example README.MD (@​odykyi)
• #2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@​ahmadnassri)

Commits

• See full diff in compare view

Updates ssri from 4.1.6 to 6.0.2

Changelog

Sourced from ssri's changelog.

6.0.2 (2021-04-07)

Bug Fixes

• backport regex change from 8.0.1 (b30dfdb), closes #19

6.0.1 (2018-08-27)

Bug Fixes

• opts: use figgy-pudding to specify consumed opts (cf86553)

6.0.0 (2018-04-09)

Bug Fixes

• docs: minor typo (b71ef17)

meta

• drop support for node@4 (d9bf359)

BREAKING CHANGES

• node@4 is no longer supported

5.3.0 (2018-03-13)

Features

• checkData: optionally throw when checkData fails (bf26b84)

... (truncated)

Commits

• b7c8c7c chore(release): 6.0.2
• b30dfdb fix: backport regex change from 8.0.1
• a4337cd chore(release): 6.0.1
• cf86553 fix(opts): use figgy-pudding to specify consumed opts
• 97b032d deps: npm6ify pkglock
• d1aa2f7 chore(release): 6.0.0
• 04b3ef7 deps: remove safe-buffer
• d9bf359 meta: drop support for node@4
• b71ef17 fix(docs): minor typo
• 0ae0c23 chore(release): 5.3.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for ssri since your current version.

Updates tar from 4.0.1 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

6.2

• Add support for brotli compression

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

• Address unpack race conditions using path reservations
• Change large-numbers errors from TypeError to Error
• Add TAR_* error codes
• Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
• do not treat ignored entries as an invalid archive
• drop support for node v4
• unpack: conditionally use a file mapping to write files on Windows
• Set more portable 'mode' value in portable mode
• Set portable gzip option in portable mode

4.4

• Add 'mtime' option to tar creation to force mtime
• unpack: only reuse file fs entries if nlink = 1
• unpack: rename before unlinking files on Windows
• Fix encoding/decoding of base-256 numbers
• Use stat instead of lstat when checking CWD

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Updates marked from 0.3.6 to 4.0.10

Release notes

Sourced from marked's releases.

v4.0.10

4.0.10 (2022-01-13)

Bug Fixes

• security: fix redos vulnerabilities (8f80657)

v4.0.9

4.0.9 (2022-01-06)

Bug Fixes

• retain line breaks in tokens properly (#2341) (a9696e2)

v4.0.8

4.0.8 (2021-12-19)

Bug Fixes

• spaces on a newline after a table (#2319) (f82ea2c)

v4.0.7

4.0.7 (2021-12-09)

Bug Fixes

• Fix every third list item broken (#2318) (346b162), closes #2314

v4.0.6

4.0.6 (2021-12-02)

Bug Fixes

• speed up parsing long lists (#2302) (e0005d8)

v4.0.5

4.0.5 (2021-11-25)

Bug Fixes

• table after paragraph without blank line (#2298) (5714212)

v4.0.4

4.0.4 (2021-11-19)

... (truncated)

Commits

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
• 98996b8 chore(deps-dev): Bump @​babel/preset-env from 7.16.5 to 7.16.7 (#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by tonybrix, a new releaser for marked since your current version.

Updates yargs-parser from 5.0.0 to 15.0.3

Release notes

Sourced from yargs-parser's releases.

yargs-parser yargs-parser-v15.0.3

Bug Fixes

• build: should use releases_created when using manifest (49ea4ef)

yargs-parser yargs-parser-v15.0.2

Bug Fixes

• perf: address slow parse when using unknown-options-as-args (#400) (bc387ec)

Changelog

Sourced from yargs-parser's changelog.

15.0.3 (2021-06-20)

Bug Fixes

• build: should use releases_created when using manifest (49ea4ef)

15.0.2 (2021-06-20)

Bug Fixes

• perf: address slow parse when using unknown-options-as-args (#400) (bc387ec)

Commits

• 50a7aeb chore: release 15.x.x (#402)
• 49ea4ef fix(build): should use releases_created when using manifest
• 89e2580 chore: release 15.x.x (#401)
• bc387ec fix(perf): address slow parse when using unknown-options-as-args (#400)
• 632b3e0 build: setup release please for back-port
• 204e9a7 build: configuring v15 for back-ports (#399)
• c893d30 fix: backport proto fixes
• eab0cb6 chore(release): 15.0.0
• ef771ca feat!: rework collect-unknown-options into unknown-options-as-args, provi...
• ac11361 chore(release): 14.0.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Updates libnpx from 9.6.0 to 10.2.4

Changelog

Sourced from libnpx's changelog.

10.2.4 (2020-07-20)

10.2.3 (2020-03-24)

10.2.2 (2020-01-28)

Bug Fixes

• correct Kat's github url (9a23db1)
• install latest npm on travis for node 6 (e0eb3cb)
• Update changelog to fix old issue links (3733137)

10.2.0 (2018-04-13)

Bug Fixes

• i18n: fix korean; 쉘 -> 셸 (#163) (11d9fe0)
• spawn: spawn child processes with node without relying on the shebang. (#174) (cba97bb)
• windows: Allow spaces in the node path when using --node-arg (#173) (fe0d48a), closes #170

Features

• i18n: add translation (#159) (5da008b)

10.1.1 (2018-04-12)

10.1.0 (2018-04-12)

Features

• spawn: add --always-spawn to opt out of process takeover optimization feature (#172) (c0d6abc)

... (truncated)

Commits

• 84eeb54 chore(release): 10.2.4
• 7a03da5 test: patch child.js test
• 122ed5c deps: update yargs
• fa6a282 chore(release): 10.2.3
• 7d90a71 chore: update project settings, remove weall* stuff
• 26a8394 chore(release): 10.2.2
• e0eb3cb fix: install latest npm on travis for node 6
• e8b4a7e chore: put node 6 back in travis set
• 9a23db1 fix: correct Kat's github url
• 3733137 fix: Update changelog to fix old issue links
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by claudiahdz, a new releaser for libnpx since your current version.

Updates nyc from 11.1.0 to 11.9.0

Changelog

Sourced from nyc's changelog.

11.9.0 (2018-05-31)

Features

• add option that allows instrument to exit on error (#850) (1329a3b)

11.8.0 (2018-05-14)

Features

• merge together multiple istanbul format reports (#840) (9def3eb)

11.7.3 (2018-05-10)

11.7.2 (2018-05-08)

11.7.1 (2018-04-17)

11.7.0 (2018-04-16)

Features

• allow 0-line files to be ignored in coverage output (#808) (24e5979)
• load coverage files individually instead of all at once, addressing memory issues (#806) (05fea60)

11.6.0 (2018-03-13)

Bug Fixes

... (truncated)

Commits

• 570a08a chore(release): 11.9.0
• 1329a3b feat: add option that allows instrument to exit on error (#850)
• bc9ffe5 chore(release): 11.8.0
• 9def3eb feat: merge together multiple istanbul format reports (#840)
• 43bda0c chore(release): 11.7.3
• c20f8da security: address all vulnerabilities (#836)
• 4bdd42c chore(release): 11.7.2
• bd77538 test: cache clear was breaking build (#835)
• a522dd9 chore: add Node.js 8 and 10, remove Node.js 4 (#829)
• 99576fb chore: clone only last commit (#831)
• Additional commits viewable in compare view

Updates minimist from 1.2.0 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates mkdirp from 0.5.1 to 0.5.6

Commits

• 92f086d 0.5.6
• 2a28125 clean up tests
• c905d65 update minimist
• 049cf18 0.5.5
• bea6382 Remove unnecessary umask calls
• 42a012c 0.5.4
• 2867920 fix infinite loop on windows machines
• d784e70 0.5.3
• d612c5d add files list so this package isn't a monster
• b2e7ba0 0.5.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for mkdirp since your current version.

Updates tap from 10.7.2 to 10.7.3

Commits

• 104728e v10.7.3
• 352878f Update deps
• 13f2ca2 Fix missing “not” in default message for strictNotSame
• 067dc57 node can be called nodejs
• a335bc4 fixed punctuation in readme
• See full diff in compare view

Updates fstream from 1.0.11 to 1.0.12

Commits

• 4235459 1.0.12
• 6a77d2f Clobber a Link if it's in the way of a File
• See full diff in compare view

Updates http-cache-semantics from 3.7.3 to 4.1.1

Commits

• 2449650 Update mocha
• 560b2d8 Don't use regex to trim whitespace
• b1bdb92 Remove linting package zoo
• c20dc7e Cache 308
• ed83aec Explain trust server date
• 1b35980 rfc 5861 (stale-if-error, stale-while-revalidate)
• 2c2fac2 Drop trustServerDate
• eb7028f Test names
• 84cc9a8 Bump
• ae5ecd5 Add status to tests
• Additional commits viewable in compare view

Updates npm-profile from 2.0.4 to 9.0.0

Release notes

Sourced from npm-profile's releases.

v9.0.0

9.0.0 (2023-08-15)

⚠️ BREAKING CHANGES

• support for node <=16.13 has been removed

Bug Fixes

• d2fdd5e #97 drop node 16.13.x support (@​lukekarrys)

Dependencies

• 1855caf #96 bump npm-registry-fetch from 15.0.0 to 16.0.0

v8.0.0

8.0.0 (2023-08-14)

⚠️ BREAKING CHANGES

• support for node 14 has been removed

Bug Fixes

• cfd2d07 #93 drop node14 support (@​lukekarrys)

Dependencies

• 96370c2 #92 bump npm-registry-fetch from 14.0.5 to 15.0.0

v7.0.1

7.0.1 (2022-10-17)

Dependencies

• 36fa4b1 #76 bump npm-registry-fetch from 13.3.1 to 14.0.0
• 29616ad #77 bump proc-log from 2.0.1 to 3.0.0

v7.0.0

7.0.0 (2022-09-30)

⚠️ BREAKING CHANGES

• npm-profile is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

• e16befb #68 postinstall for dependabot template-oss PR (@​lukekarrys)

v6.2.1

... (truncated)

Changelog

Sourced from npm-profile's changelog.

9.0.0 (2023-08-15)

⚠️ BREAKING CHANGES

• support for node <=16.13 has been removed

Bug Fixes

• d2fdd5e #97 drop node 16.13.x support (@​lukekarrys)

Dependencies

• 1855caf #96 bump npm-registry-fetch from 15.0.0 to 16.0.0

8.0.0 (2023-08-14)

⚠️ BREAKING CHANGES

• support for node 14 has been removed

Bug Fixes

• cfd2d07 #93 drop node14 support (@​lukekarrys)

Dependencies

• 96370c2 #92 bump npm-registry-fetch from 14.0.5 to 15.0.0

7.0.1 (2022-10-17)

Dependencies

• 36fa4b1 #76 bump npm-registry-fetch from 13.3.1 to 14.0.0
• 29616ad #77 bump proc-log from 2.0.1 to 3.0.0

7.0.0 (2022-09-30)

⚠️ BREAKING CHANGES

• npm-profile is now compatible with the following semver range for node: ^14.17.0 || ^16.13.0 || >=18.0.0

Features

• e16befb #68 postinstall for dependabot template-oss PR (@​lukekarrys)

6.2.1 (2022-08-02)

Bug Fixes

... (truncated)

Commits

Description has been truncated

[openzeppelin-code]

build(deps): bump the npm_and_yarn group across 1 directory with 32 updates

Generated at commit: c6470685ed4478d3d7cfb05b1097df5b42fa031c

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector