Bump the npm_and_yarn group across 2 directories with 13 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the /contracts directory:

Package	From	To
axios	1.6.7	1.6.8
@openzeppelin/contracts	4.9.5	4.9.6
@openzeppelin/contracts-upgradeable	4.9.5	4.9.6
es5-ext	0.10.62	0.10.64
express	4.18.2	4.19.2
Bumps the npm_and_yarn group with 7 updates in the /gas-oracle directory:

Package	From	To
@openzeppelin/contracts	4.9.3	4.9.6
debug	2.6.9	4.3.4
eth-gas-reporter	0.2.25	0.2.27
solidity-coverage	0.8.2	0.8.11
express	4.18.2	4.19.2
semver	5.7.1	5.7.2
undici	5.22.0	5.28.3

Updates axios from 1.6.7 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

• AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
• import: use named export for EventEmitter; (7320430)
• vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

• Jay
• Dmitriy Mozgovoy
• Mitchell
• Emmanuel
• Lucas Keller
• Aditya Mogili
• Miroslav Petrov

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

• AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
• import: use named export for EventEmitter; (7320430)
• vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

• Jay
• Dmitriy Mozgovoy
• Mitchell
• Emmanuel
• Lucas Keller
• Aditya Mogili
• Miroslav Petrov

Commits

• ab3f0f9 chore(release): v1.6.8 (#6303)
• 2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
• 7320430 fix(import): use named export for EventEmitter;
• 8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
• d844227 chore: update and bump deps (#6238)
• caa0625 docs: update README responseEncoding types (#6194)
• 41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
• bf6974f chore(ci): add npm tag action; (#6231)
• See full diff in compare view

Updates @openzeppelin/contracts from 4.9.5 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• See full diff in compare view

Updates @openzeppelin/contracts-upgradeable from 4.9.5 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts-upgradeable's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4926)

Changelog

Sourced from @​openzeppelin/contracts-upgradeable's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Commits

• 2d081f2 Transpile dc44c9f1
• 2492017 Transpile a6286d0f
• See full diff in compare view

Updates es5-ext from 0.10.62 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.5 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• See full diff in compare view

Updates @openzeppelin/contracts from 4.9.3 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• See full diff in compare view

Updates debug from 2.6.9 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits

• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• 4079aae update license and more maintainership information
• 19b36c0 update repository location + maintainership information
• f851b00 adds README section regarding usage in child procs (#850)
• d177f2b Remove accidental epizeuxis
• e47f96d 4.3.2
• 1e9d38c cache enabled status per-logger (#799)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates eth-gas-reporter from 0.2.25 to 0.2.27

Release notes

Sourced from eth-gas-reporter's releases.

v0.2.27

What's Changed

• Remove @​ethersproject/abi, use ethers.utils by @​cgewecke in cgewecke/eth-gas-reporter#301

Full Changelog: cgewecke/eth-gas-reporter@v0.2.26...v0.2.27

v0.2.26

What's Changed

• Update Mocha to v10 by @​frangio in cgewecke/eth-gas-reporter#295
• Bump ethers version by @​ChristopherDedominici in cgewecke/eth-gas-reporter#296
• Remove unused request package by @​ChristopherDedominici in cgewecke/eth-gas-reporter#297
• Replace request-promise-native with axios by @​cgewecke in cgewecke/eth-gas-reporter#299

New Contributors

• @​ChristopherDedominici made their first contribution in cgewecke/eth-gas-reporter#296

Full Changelog: cgewecke/eth-gas-reporter@v0.2.2...v0.2.26

Changelog

Sourced from eth-gas-reporter's changelog.

0.2.27 / 2023-09-30

• Remove @​ethersproject/abi, use ethers.utils instead (cgewecke/eth-gas-reporter#301)

0.2.26 / 2023-09-29

• Replace request-promise-native with axios / avoid default price API calls (cgewecke/eth-gas-reporter#299)
• Remove request package (cgewecke/eth-gas-reporter#297)
• Bump ethers version (cgewecke/eth-gas-reporter#296)
• Update Mocha to v10 (cgewecke/eth-gas-reporter#295)

0.2.23 / 2021-11-26

• Add notes to README about missing price data & remote data fetching race condition
• Add support for multiple gas price tokens (BNB, MATIC, AVAX, HR, MOVR) (cgewecke/eth-gas-reporter#251)
• Make @​codechecks/client peer dep optional (cgewecke/eth-gas-reporter#257)
• Update @​solidity-parser/parser to 0.14.0 (cgewecke/eth-gas-reporter#261)

0.2.22 / 2021-03-04

• Update @​solidity-parser/parser to ^0.12.0 (support Panic keyword in catch blocks) (cgewecke/eth-gas-reporter#243)

0.2.21 / 2021-02-16

• Fix missing truffle migration deployments data (cgewecke/eth-gas-reporter#240)
• Upgrade solidity-parser/parser to 0.11.1 (cgewecke/eth-gas-reporter#239)

0.2.20 / 2020-12-01

• Add support for remote contracts data pre-loading (hardhat-gas-reporter feature)

0.2.19 / 2020-10-29

• Delegate contract loading/parsing to artifactor & make optional (#227)

0.2.18 / 2020-10-13

• Support multiple codechecks reports per CI run
• Add CI error threshold options: maxMethodDiff, maxDeploymentDiff
• Add async collection methods for BuidlerEVM
• Update solidity-parser/parser to 0.8.0 (contribution: @​vicnaum)
• Update dev deps / use Node 12 in CI

0.2.17 / 2020-04-13

• Use @​solidity-parser/parser for better solc 0.6.x parsing
• Upgrade Mocha to ^7.1.1 (to remove minimist vuln warning)
• Stop crashing when parser or ABI Encoder fails
• Update @​ethersproject/abi to ^5.0.0-beta.146 (and unpin)

... (truncated)

Commits

• See full diff in compare view

Updates solidity-coverage from 0.8.2 to 0.8.11

Release notes

Sourced from solidity-coverage's releases.

v0.8.11

Summary

0.8.11 fixes a(nother) bug that resulted in some line hits remaining undetected when compiling with viaIR=true

What's Changed

• Check all SWAP opcodes for inst. hashes when viaIR is true by @​cgewecke in sc-forks/solidity-coverage#873

Full Changelog: sc-forks/solidity-coverage@v0.8.10...v0.8.11

0.8.10

Summary

0.8.10 fixes a bug that resulted in some line hits remaining undetected when compiling with viaIR=true

What's Changed

• Check all PUSH opcodes for instr. hashes when viaIR is true by @​cgewecke in sc-forks/solidity-coverage#871

Full Changelog: sc-forks/solidity-coverage@v0.8.9...v0.8.10

0.8.9

What's Changed

• Fix regression introduced in 0.8.7 where modifier branch coverage for modifiers inherited from a dependency was not measured correctly in some cases @​cgewecke in sc-forks/solidity-coverage#868

Full Changelog: sc-forks/solidity-coverage@v0.8.8...v0.8.9

0.8.8

What's Changed

• Fix bug when instrumenting hardhat flattened contracts:
  • Only inject file-level instr. for first pragma in file by @​cgewecke in sc-forks/solidity-coverage#865
• Fix 0% coverage when using with hardhat-foundry & foundry.toml is present:
  • Coerce sources path to absolute path if necessary by @​cgewecke in sc-forks/solidity-coverage#866

Install

npm install --save-dev solidity-coverage@latest
npx hardhat clean

Full Changelog: sc-forks/solidity-coverage@v0.8.7...v0.8.8

0.8.7

What's Changed

viaIR now allowed

This release (hopefully) fixes a long-running problem solidity-coverage had with solc's viaIR compilation mode - It's now possible to use it without any special configuration. (Please report any ongoing issues with this to issue #861)

If you've been using .solcover.js options like configureYulOptimizer and solcOptimizerDetails as a work around, you should remove them when upgrading. (Don't forget to run the hardhat clean task after updating any coverage config stuff).

... (truncated)

Changelog

Sourced from solidity-coverage's changelog.

0.8.11 / 2024-03-07

• Check all SWAP opcodes for inst. hashes when viaIR is true (sc-forks/solidity-coverage#873)

0.8.10 / 2024-02-29

• Check all PUSH opcodes for instr. hashes when viaIR is true (sc-forks/solidity-coverage#871)

0.8.9 / 2024-02-27

• Fix duplicate hash logic (sc-forks/solidity-coverage#868)
• Improve organization of edge case code in collector (sc-forks/solidity-coverage#869)

0.8.8 / 2024-02-21

• Coerce sources path to absolute path if necessary (sc-forks/solidity-coverage#866)
• Only inject file-level instr. for first pragma in file (sc-forks/solidity-coverage#865)

0.8.7 / 2024-02-09

• Documentation Cleanup & Improvements for 0.8.7 release (sc-forks/solidity-coverage#859)
• Add tests for file-level function declarations (sc-forks/solidity-coverage#858)
• Add try / catch unit tests (sc-forks/solidity-coverage#857)
• Fix test project configs for viaIR detection in overrides (sc-forks/solidity-coverage#856)
• Enable coverage when viaIR compiler flag is true (sc-forks/solidity-coverage#854)
• Add missing onPreCompile hook (sc-forks/solidity-coverage#851)
• Remove ganache-cli related code from API & tests (sc-forks/solidity-coverage#849)
• Add command option to specify the source files to run the coverage on (sc-forks/solidity-coverage#838)

0.8.6 / 2024-01-28

• Add test for multi-contract files with inheritance (sc-forks/solidity-coverage#836)
• Add test for modifiers with post-conditions (sc-forks/solidity-coverage#835)
• Document Istanbul check-coverage cli command (sc-forks/solidity-coverage#834)
• Throw error when mocha parallel is set to true (sc-forks/solidity-coverage#833)
• Fix instrumentation error for virtual modifiers (sc-forks/solidity-coverage#832)
• Add test for file level using for statements (sc-forks/solidity-coverage#831)
• Fix chained ternary conditionals instrumentation

... (truncated)

Commits

• 12436cc Update changelog: 0.8.11
• ba32cd3 0.8.11
• 6236a8f Check all SWAP opcodes for inst. hashes when viaIR is true (#873)
• 6b576ca Update changelog: 0.8.10
• cd30f57 0.8.10
• 943a6fe Check all PUSH opcodes for instr. hashes when viaIR is true (#871)
• 32029b4 Update changelog: 0.8.9
• 930e8e4 0.8.9
• 6839e92 Improve organization of edge case code in collector (#869)
• e6df717 Fix duplicate hash logic (#868)
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates flat from 4.1.1 to 5.0.2

Commits

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• See full diff in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for...

Description has been truncated

[dependabot]

Superseded by #169.