Bump minimatch, react-scripts and serve in /frontend

[dependabot]

Bumps minimatch to 3.1.5 and updates ancestor dependencies minimatch, react-scripts and serve. These dependencies need to be updated together.

Updates minimatch from 3.0.4 to 3.1.5

Commits

• 7bba978 3.1.5
• bd25942 docs: add warning about ReDoS
• 1a9c27c fix partial matching of globstar patterns
• 1a2e084 3.1.4
• ae24656 update lockfile
• b100374 limit recursion for **, improve perf considerably
• 26ffeaa lockfile update
• 9eca892 lock node version to 14
• 00c323b 3.1.3
• 30486b2 update CI matrix and actions
• Additional commits viewable in compare view

Updates react-scripts from 3.4.1 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.4

or

yarn add --exact react-scripts@3.4.4

3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.3

or

yarn add --exact react-scripts@3.4.3

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Commits

• 19fa58d Publish
• 9802941 fix: webpack noise printed only if error or warning (#12245)
• 2eef1d0 Update templates to use React 18 createRoot (#12220)
• 221e511 Publish
• 5614c87 Add support for Tailwind (#11717)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• c7627ce Update webpack and dev server (#11646)
• 544befe Update package.json (#11597)
• Additional commits viewable in compare view

Updates serve from 11.3.2 to 14.2.6

Release notes

Sourced from serve's releases.

v14.2.6

Patch Changes

• 7fcb924: Bump ajv to 8.18.0
• b3888f9: Update serve-handler to 6.1.7 to fix ReDoS vulnerabilities

v14.2.5

Patch Changes

• f4b6fbd: Update compression to v1.8.1

14.2.4

Patches

• Bump serve-handler, vitest, and `typescript: #812

14.2.3

Patches

• Bump @zeit/schemas to 2.36.0: #803

14.2.2

Patches

• fix: Update ajv from 8.11.0 to 8.12.0: #796

Credits

Huge thanks to @​legobeat for helping!

14.2.1

Patches

• Set Access-Control-Allow-Headers: * default response header: #775

Credits

Huge thanks to @​hood for helping!

14.2.0

Minor Changes

• Update CORS headers to support PNA spec: #753
• Bump @zeit/schemas package: #756

Patches

• Update the license year: #752

Credits

... (truncated)

Changelog

Sourced from serve's changelog.

14.2.6

Patch Changes

• 7fcb924: Bump ajv to 8.18.0
• b3888f9: Update serve-handler to 6.1.7 to fix ReDoS vulnerabilities

14.2.5

Patch Changes

• f4b6fbd: Update compression to v1.8.1

Commits

• f3c702c Version Packages (#846)
• 7fcb924 Add changeset for #842
• a2fecb3 chore(deps): update ajv to v8.18.0 (#842)
• b3888f9 Bump serve-handler to 6.1.7 (#845)
• efd2150 Version Packages (#829)
• 838721d Add missing setup step for Changeset (#832)
• e0d526a Fix changeset config (#831)
• f4b6fbd Add Changeset (#828)
• 7f2676a Update GitHub Actions workflows (#827)
• cfaff36 chore(deps): update compression to v1.8.1 (#824)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for serve since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.