Bump the npm_and_yarn group across 4 directories with 22 updates

[dependabot]

Bumps the npm_and_yarn group with 14 updates in the /docusaurus/website directory:

Package	From	To
bl	1.2.2	1.2.3
css-what	2.1.0	2.1.3
express	4.16.3	4.19.2
hosted-git-info	2.7.1	2.8.9
ini	1.3.5	1.3.8
lodash.merge	4.6.1	4.6.2
lodash	4.17.11	4.17.21
mixin-deep	1.3.1	1.3.2
path-parse	1.0.6	1.0.7
prismjs	1.15.0	1.29.0
remarkable	1.7.1	1.7.4
set-getter	0.1.0	0.1.1
url-parse	1.4.3	1.5.10
websocket-extensions	0.1.3	0.1.4

Bumps the npm_and_yarn group with 1 update in the /packages/create-react-app directory: semver.
Bumps the npm_and_yarn group with 3 updates in the /packages/react-dev-utils directory: browserslist, shell-quote and loader-utils.
Bumps the npm_and_yarn group with 2 updates in the /packages/react-scripts directory: react-dev-utils and webpack-dev-server.

Updates bl from 1.2.2 to 1.2.3

Commits

• d69edfd 1.2.3
• 847473a test all branches
• 0bd87ec Fix unintialized memory access
• dc097f3 test newer versions of Node
• See full diff in compare view

Updates css-what from 2.1.0 to 2.1.3

Commits

• 2db00ca 2.1.3
• dc51092 fix(css-selectors): extend regex to include superscript in range, fix #27 (#28)
• a5f1991 Test on node LTS
• b2a2117 2.1.2
• e9ef3f1 Run prettier
• 070b2f8 Add remaining parsed outputs (#25)
• af801e4 update license references to match license file (#23)
• 2d495d0 Update to node 10 in .travis.yml (#22)
• c636f0d Allow escaped parentheses in pseudo selectors (#20)
• 4e255c9 Update .travis.yml
• Additional commits viewable in compare view

Updates express from 4.16.3 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates hosted-git-info from 2.7.1 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

• #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

• Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
• Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

2.8.5 (2019-10-07)

Bug Fixes

• updated pathmatch for gitlab (e8325b5), closes #51
• updated pathmatch for gitlab (ffe056f)

2.8.4 (2019-08-12)

... (truncated)

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• afeaefd chore(release): 2.8.8
• 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
• 7440afa chore(release): 2.8.7
• 2d0bb66 fix: Do not attempt to use url.URL when unavailable
• f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
• e1b83df chore(release): 2.8.6
• ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
• 624fd6f chore(release): 2.8.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates lodash.merge from 4.6.1 to 4.6.2

Commits

• See full diff in compare view

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates mixin-deep from 1.3.1 to 1.3.2

Commits

• 754f0c2 1.3.2
• 90ee1fa ensure keys are valid when mixing in values
• See full diff in compare view

Maintainer changes

This version was pushed to npm by doowb, a new releaser for mixin-deep since your current version.

Updates path-parse from 1.0.6 to 1.0.7

Commits

• See full diff in compare view

Updates prismjs from 1.15.0 to 1.29.0

Release notes

Sourced from prismjs's releases.

v1.29.0

Release 1.29.0

v1.28.0

Release 1.28.0

v1.27.0

Release 1.27.0

v1.26.0

Release 1.26.0

v1.25.0

Release 1.25.0

v1.24.1

Release 1.24.1

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

v1.22.0

Release 1.22.0

v1.21.0

Release 1.21.0

v1.20.0

Release 1.20.0

v1.19.0

Release 1.19.0

v1.18.0

Release 1.18.0

v1.17.1

Release 1.17.1

v1.17.0

Release 1.17.0

v1.16.0

Release 1.16.0

Changelog

Sourced from prismjs's changelog.

1.29.0 (2022-08-23)

New components

• BBj (#3511) 1134bdfc
• BQN (#3515) 859f99a0
• Cilk/C & Cilk/C++ (#3522) c8462a29
• Gradle (#3443) 32119823
• METAFONT (#3465) 2815f699
• WGSL (#3455) 4c87d418

Updated components

• AsciiDoc
  • Some regexes are too greedy (#3481) c4cbeeaa
• Bash
  • Added "sh" alias (#3509) 6b824d47
  • Added support for parameters and the java and sysctl commands. (#3505) b9512b22
  • Added cargo command (#3488) 3e937137
• BBj
  • Improve regexes (#3512) 0cad9ae5
• CSS
  • Fixed @-rules not accounting for strings (#3438) 0d4b6cb6
• CSS Extras
  • Added support for RebeccaPurple color (#3448) 646b2e0a
• Hoon
  • Fixed escaped strings (#3473) 64642716
• Java
  • Added support for constants (#3507) 342a0039
• Markup
  • Fixed quotes in HTML attribute values (#3442) ca8eaeee
• NSIS
  • Added missing commands (#3504) b0c2a9b4
• Scala
  • Updated keywords to support Scala 3 (#3506) a090d063
• SCSS
  • Fix casing in title of the scss lang (#3501) 2aed9ce7

Updated plugins

• Line Highlight
  • Account for offset when clamping ranges (#3518) 098e3000
  • Ignore ranges outside of actual lines (#3475) 9a4e725b
• Normalize Whitespace
  • Add configuration via attributes (#3467) 91dea0c8

Other

• Added security policy (#3070) 05ee042a
• Added list of maintainers (#3410) 866b302e

... (truncated)

Commits

• 59e5a34 1.29.0
• cd080f2 Updated npmignore to include new MD files (#3534)
• 751664b Added PR stop notice (#3532)
• 248f6ab Added changelog for v1.29.0 (#3533)
• 098e300 Line Highlight: Account for offset when clamping ranges (#3518)
• 6b824d4 Bash: Added "sh" alias (#3509)
• 15272f7 Website: Added third-party tutorial for Pug template (#3459)
• c8462a2 Cilk: Add support for Cilk (with C/C++) (#3522)
• 859f99a Added bqn language support (#3515)
• 0cad9ae BBj: Improve regexes (#3512)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

Updates qs from 6.5.1 to 6.5.2

Changelog

Sourced from qs's changelog.

6.5.2

• [Fix] use safer-buffer instead of Buffer constructor
• [Refactor] utils: module.exports one thing, instead of mutating exports (#230)
• [Dev Deps] update browserify, eslint, iconv-lite, safer-buffer, tape, browserify

Commits

• eaabd05 v6.5.2
• 9a73e55 [Dev Deps] update browserify, eslint, iconv-lite, safer-buffer
• 29477ba [Dev Deps] update eslint, tape, browserify
• 73b3732 [Fix] use safer-buffer instead of Buffer constructor
• 037f368 [Dev Deps] update eslint
• 9dcec60 [Dev Deps] update eslint, iconv-lite
• 6f0586f Change exports usage
• See full diff in compare view

Updates remarkable from 1.7.1 to 1.7.4

Changelog

Sourced from remarkable's changelog.

1.7.4 / 2019-07-30

• upgrade argparse (jonschlinkert/remarkable#349)
• prevent a ReDoS vulnerability (#335)
• disallow ascii control characters in URLs (#334)

1.7.0 / 2016-09-27

• Special thanks to lemoinem for adding much needed, and well-written documentation!
• Footnotes are now enabled by default
• Adds support for "passthrough classes", thanks to matthewmueller
• Outlaws data: URLs by default, thanks to spicyj
• Improves whitespace trimming performance, thanks to dpkirchner
• Image alts are now properly unescaped, thanks to adam187

1.6.2 / 2016-02-04

• Add support for specifying link target
• StateBlock.getLines should only read from the current line
• Fix missing space after shortcut links
• Fix "Manage rules" sample code in README.md
• Fix encoding of non-ASCII text (fixes #141)
• Option to not alter links provided for href
• Add Node.js v0.12 and v4 to Travis config
• Define bin script for npm
• Fix "Manage rules" sample code in README.md
• Fix typo in github proj url in Makefile
• Fix build by ignoring the demo directory in eslint

1.6.1 / 2015-11-19

• npm now installs a script so you can access remarkable from the command line.

1.5.0 / 2014-12-12

• Added Demo sync scroll, to show how lines mapping can be used.
• Improved IE8 support. Now you need only es5-shim, without es5-sham.
• Fixed errors on refs/attrs/footnoted with special names like __proto__.
• Renamed Ruler() private properties, to show those should not be accessed directly.
• Fixed Makefile OSX compatibility.

1.4.2 / 2014-11-29

... (truncated)

Commits

• 85abd88 v1.7.4
• 6217c5d Upgrade argparse #349
• 7d98b94 v1.7.3
• c688aa5 Build umd
• 152e378 Add prepublish hook
• aaa807a v1.7.2
• 287dfbf Prevent a ReDoS vulnerability (#335)
• 49e87b7 fix: disallow ascii control characters in URLs (#334)
• 232a554 Merge pull request #345 from TrySound/coverage
• fb7bc09 Enable coverage via nyc
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by trysound, a new releaser for remarkable since your current version.

Updates set-getter from 0.1.0 to 0.1.1

Commits

• See full diff in compare view

Updates underscore from 1.7.0 to 1.9.1

Commits

• ae037f7 Underscore.js 1.9.1
• 5a55dd1 Fixes #2741. _.first() and _.last() should return an empty array when request...
• 3cd55ea Merge pull request #2672 from captbaritone/foo
• 34cabf5 Merge pull request #2725 from josephlin55555/master
• 6a71daf Merge pull request #2728 from okkez/fix-typo
• c3f3582 Merge pull request #2743 from nowke/add-size-example
• ae93330 Merge pull request #2757 from captbaritone/shallow-has
• eac0039 Add has internal function
• 4bd6f69 Merge pull request #2753 from liroyleshed/patch-2
• e35f79f Update collections.js
• Additional commits viewable in compare view

Updates url-parse from 1.4.3 to 1.5.10

Commits

• 8cd4c6c 1.5.10
• ce7a01f [fix] Improve handling of empty port
• 0071490 [doc] Update JSDoc comment
• a7044e3 [minor] Use more descriptive variable name
• d547792 [security] Add credits for CVE-2022-0691
• ad23357 1.5.9
• 0e3fb54 [fix] Strip all control characters from the beginning of the URL
• 61864a8 [security] Add credits for CVE-2022-0686
• bb0104d 1.5.8
• d5c6479 [fix] Handle the case where the port is specified but empty
• Additional commits viewable in compare view

Updates websocket-extensions from 0.1.3 to 0.1.4

Changelog

Sourced from websocket-extensions's changelog.

0.1.4 / 2020-06-02

• Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)
• Change license from MIT to Apache 2.0

Commits

• 5ea0b42 Bump version to 0.1.4
• 29496f6 Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser
• 4a76c75 Add Node versions 13 and 14 on Travis
• 44a677a Formatting change: {...} should have spaces inside the braces
• f6c50ab Let npm reformat package.json
• 2d211f3 Change markdown formatting of docs.
• 0b62083 Update Travis target versions.
• 729a465 Switch license to Apache 2.0.
• See full diff in compare view

Updates semver from 5.5.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• 8055dda 5.7.0
• 604e73d auto-publishing scripts
• bed01e2 remove the nomin comments, since we don't minify any more anyway
• 9cb68f1 document parse method
• 38d42ca 5.7 changelog
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates browserslist from 4.1.1 to 4.16.5

Changelog

Sourced from browserslist's changelog.

4.16.5

• Fixed unsafe RegExp (by Yeting Li).

4.16.4

• Fixed unsafe RegExp.
• Added artifactory support to --update-db (by Ittai Baratz).

4.16.3

• Fixed --update-db.

4.16.2

• Fixed --update-db (by @​ialarmedalien).

4.16.1

• Fixed Chrome 4 with mobileToDesktop (by Aron Woost).

4.16

• Add browserslist config query.

4.15

• Add TypeScript types (by Dmitry Semigradsky).

4.14.7

• Fixed Yarn Workspaces support to --update-db (by Fausto Núñez Alberro).
• Added browser changes to --update-db (by @​AleksandrSl).
• Added color output to --update-db.
• Updated package.funding to have link to our Open Collective.

4.14.6

• Fixed Yarn support in --update-db (by Ivan Storck).
• Fixed npm 7 support in --update-db.

4.14.5

• Fixed last 2 electron versions query (by Sergey Melyukov).

4.14.4

• Fixed Unknown version 59 of op_mob error.

4.14.3

• Update Firefox ESR.

4.14.2

• Fixed --update-db on Windows (by James Ross).
• Improved --update-db output.

4.14.1

• Added --update-db explanation (by Justin Zelinsky).

4.14

• Add BROWSERSLIST_DANGEROUS_EXTEND support (by Timo Mayer).

... (truncated)

Commits

• 7cc2aed Release 4.16.5 version
• 27e4afd Update dependencies
• 1013a18 Fix version RegExp
• b879a1a Use Node.js 16 on CI
• bd1e9e0 Fix ReDoS (#593)
• 209adf9 Release 4.16.4 version
• 3e2ae3b Fix types
• 39e6a04 Update dependencies
• c091916 Fix unsafe regexp
• 61be47f Update clean-publish
• Additional commits viewable in compare view

Updates shell-quote from 1.6.1 to 1.7.3

Changelog

Sourced from shell-quote's changelog.

v1.7.3 - 2021-10-20

• Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

v1.7.2 - 2019-08-30

• Fix a regression introduced in 1.6.3. This reverts the Windows path quoting fix. (144e1c2)

v1.7.1 - 2019-08-13

• Fix $ being removed when not part of an environment variable name. (@​Adman in #32)

v1.7.0 - 2019-08-13

• Add support for parsing >> and >& redirection operators. (@​forivall in #16)
• Add support for parsing <( process substitution operator. (@​cuonglm in #15)

v1.6.3 - 2019-08-13

• Fix Windows path quoting problems. (@​dy in #34)

v1.6.2 - 2019-08-13

Merged

• Use native JSON and Array methods [#21](https://github.com/ljharb/shell-quote/issues/21)

Commits

• fix whitespace 72fb5a8
• Disable package-lock.json d450577

Commits

• 6a8a899 1.7.3
• 5799416 fix for security issue with windows drive letter regex
• c7de931 Add security.md
• 414853f Update readme.markdown (#43)
• 0fc4a97 use Github Actions (#42)
• 89a1993 1.7.2
• df7e4c7 add test for #37
• 144e1c2 revert windows path unescaping, fixes #37
• c24f3aa ci: nvs does not have iojs
• c2950fb 1.7.1
• Additional commits viewable in compare view

Updates loader-utils from 1.1.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

v1.3.0

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

v1.2.3

1.2.3 (2018-12-27)

Bug Fixes

• interpolateName: don't interpolated hashType without hash or contenthash (#140) (3528fd9)

v1.2.2

1.2.2 (2018-12-27)

Bug Fixes

... (truncated)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (