Bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
node-sass	4.9.4	9.0.0
color-string	0.3.0	removed
decode-uri-component	0.2.0	0.2.2
fsevents	1.2.4	1.2.13
minimist	0.0.8	1.2.8
json5	0.5.1	1.0.2
loader-utils	1.1.0	1.4.2
postcss	5.2.18	8.5.6

Updates node-sass from 4.9.4 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

• Node 20 support by @​nschonni in sass/node-sass#3355

Breaking changes

• Drop support for Node 14 (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

• Fix binaries being partially downloaded by @​xzyfer in sass/node-sass#3313
• Bump node-gyp and nan for node 19 support by @​xzyfer in sass/node-sass#3314
• feat: Node 18 and 19 support and drop Node 17 by @​nschonni in sass/node-sass#3257

Breaking changes

• Drop support for Node 12 (@​nschonni)
• Drop support for Node 17 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 18 (@​nschonni)
• Add support for Node 19 (@​nschonni)
• Replace request with make-fetch-happen (@​CamilleDrapier @​xzyfer, #3193, #3313)

Dependencies

• Bump [email protected]
• Bump node-gyp @​9.0.0
• Bump nan@^2.17.0
• Bump sass-graph@^4.0.1

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

... (truncated)

Changelog

Sourced from node-sass's changelog.

v4.14.0

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

https://github.com/sass/node-sass/releases/tag/v4.12.0

v4.11.0

https://github.com/sass/node-sass/releases/tag/v4.11.0

v4.10.0

https://github.com/sass/node-sass/releases/tag/v4.10.0

Commits

• 87f3899 feat: Node 20 support (#3355)
• 06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
• e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
• c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
• ee13eb9 8.0.0
• 98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
• e9bb866 Bump node-gyp and nan for node 19 support (#3314)
• ab7840b Fix binaries being partially downloaded (#3313)
• d595abf 7.0.3
• 3b556c1 7.0.2
• Additional commits viewable in compare view

Removes color-string

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates fsevents from 1.2.4 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Updates chownr from 1.0.1 to 2.0.0

Commits

• f9f9d86 2.0.0
• fc69315 drop support for EOL node versions
• 814f642 1.1.4
• a0d7ae0 push to github before npm
• 1a3667a ignore stuff
• 147eac4 Full tests, handle errors properly in many cases
• 578fb9f update tap, fix rimraf version
• 5bbda8c feat: ignore ENOENT errors during chown
• deaa058 1.1.3
• 190e311 Don't early-capture the fs.lchownSync method
• Additional commits viewable in compare view

Updates minimist from 0.0.8 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates tar from 2.2.1 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Updates hosted-git-info from 2.7.1 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

• #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

• Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
• Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

• updated pathmatch for gitlab (e8325b5), closes #51
• updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• afeaefd chore(release): 2.8.8
• 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
• 7440afa chore(release): 2.8.7
• 2d0bb66 fix: Do not attempt to use url.URL when unavailable
• f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
• e1b83df chore(release): 2.8.6
• ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
• 624fd6f chore(release): 2.8.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates json5 from 0.5.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

v1.0.1

This release includes a bug fix and minor change.

• Fix: parse throws on unclosed objects and arrays.

• New: package.json5 has been removed until an easier way to keep it in sync with package.json is found.

v1.0.0

This release includes major internal changes and public API enhancements.

• Major JSON5 officially supports Node.js v4 and later. Support for Node.js v0.10 and v0.12 have been dropped.

• New: Unicode property names and Unicode escapes in property names are supported. (#1)

• New: stringify outputs trailing commas in objects and arrays when a space option is provided. (#66)

• New: JSON5 allows line and paragraph separator characters (U+2028 and U+2029) in strings in order to be compatible with JSON. However, ES5 does not allow these characters in strings, so JSON5 gives a warning when they are parsed and escapes them when they are stringified. (#70)

• New: stringify accepts an options object as its second argument. The supported options are replacer, space, and a new quote option that specifies the quote character used in strings. (#71)

• New: The CLI supports STDIN and STDOUT and adds --out-file, --space, and --validate options. See json5 --help for more information. (#72, #84, and #108)

• New: In addition to the white space characters space \t, \v, \f, \n, \r, and \xA0, the additional white space characters \u2028, \u2029, and all other characters in the Space Separator Unicode category are allowed.

• New: In addition to the character escapes \', \", \\, \b, \f, \n, \r, and \t, the additional character escapes \v and \0, hexadecimal escapes like \x0F, and unnecessary escapes like \a are allowed in string values and string property names.

• New: stringify outputs strings with single quotes by default but intelligently uses double quotes if there are more single quotes than double quotes inside the string. (i.e. stringify('Stay here.') outputs 'Stay here.' while stringify('Let\'s go.') outputs "Let's go.")

... (truncated)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• 072eb40 1.0.1
• e7bdcd1 Update CHANGELOG for v1.0.1
• 342d575 Remove package.json5 file
• 0336c9c Fix unclosed object and array bug
• 25929ab Fix typo in API documentation
• 607c18f Readme: fix typo in attribution. [skip ci]
• 1d64ece 1.0.0
• Additional commits viewable in compare view

Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• d95b8b5 chore(release): 1.4.0
• cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
• 06d36cf chore(release): 1.3.0
• 469eeba feat: support the [query] template for the interpolatedName method (#162)
• 909c99d chore: funding.yml config and CI fix (#159)
• b5b74f0 Set up CI with Azure Pipelines
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.

Updates loader-utils from 0.2.17 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• d95b8b5 chore(release): 1.4.0
• cd0e428 feat: the resourceQuery is passed to the interpolateName method (#163)
• 06d36cf chore(release): 1.3.0
• 469eeba feat: support the [query] template for the interpolatedName method (#162)
• 909c99d chore: funding.yml config and CI fix (#159)
• b5b74f0 Set up CI with Azure Pipelines
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for loader-utils since your current version.

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates postcss from 5.2.18 to 8.5.6

Release notes

Sourced from postcss's releases.

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"

Thanks to Sponsors

This release was possible thanks to our community.

If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:

• Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
• Direct donations at GitHub Sponsors or Open Collective.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).
Description has been truncated