Bump the npm_and_yarn group across 1 directory with 22 updates

[dependabot]

Bumps the npm_and_yarn group with 19 updates in the / directory:

Package	From	To
shelljs	0.7.8	0.8.5
async	2.6.3	2.6.4
browserify-sign	4.2.1	4.2.3
postcss	7.0.34	8.4.35
autoprefixer	7.2.6	10.4.18
css-loader	0.28.11	6.10.0
postcss-import	11.1.0	16.0.1
postcss-loader	2.1.6	8.1.1
postcss-url	7.3.2	10.1.3
vue-loader	13.7.3	17.4.2
decode-uri-component	0.2.0	0.2.2
dns-packet	1.3.1	1.3.4
ejs	2.7.4	``
webpack-bundle-analyzer	2.13.1	4.10.1
eventsource	0.1.6	``
webpack-dev-server	2.11.5	5.0.3
loader-utils	1.4.0	1.4.2
html-webpack-plugin	2.30.1	5.6.0
minimist	1.2.5	1.2.8

Updates shelljs from 0.7.8 to 0.8.5

Release notes

Sourced from shelljs's releases.

v0.8.5

This was a small security fix for #1058.

v0.8.4

Small patch release to fix a circular dependency warning in node v14. See #973.

v0.8.3

Closed issues:

• Shelljs print stderr to console even if exec-only "silent" is true #905
• refactor: remove common.state.tempDir #902
• Can't suppress stdout for echo #899
• exec() doesn't apply the arguments correctly #895
• shell.exec('npm pack') painfully slow #885
• shelljs.exec cannot find app.asar/node_modules/shelljs/src/exec-child.js #881
• test infra: mocks and skipOnWin conflict #862
• Support for shell function completion on IDE #859
• echo command shows options in stdout #855
• silent does not always work #851
• Appveyor installs the latest npm, instead of the latest compatible npm #844
• Force symbolic link (ln -sf) does not overwrite/recreate existing destination #830
• inconsistent result when trying to echo to a file #798
• Prevent require()ing executable-only files #789
• Cannot set property to of [object String] which has only a getter #752
• which() should check executability before returning a value #657
• Bad encoding experience #456
• phpcs very slow #440
• Error shown when triggering a sigint during shelljs.exec if process.on sigint is defined #254
• .to\(file\) does not mute STDIO output #146
• Escaping shell arguments to exec() #143
• Allow multiple string arguments for exec() #103
• cp does not recursively copy from readonly location #98
• Handling permissions errors on file I/O #64

Merged pull requests:

• Add test case for sed on empty file #904 (wyardley)
• refactor: don't expose tempdir in common.state #903 (nfischer)
• chore(ci): fix codecov on travis #897 (nfischer)
• chore(npm): add ci-or-install script #896 (nfischer)
• Fix silent exec #892 (nfischer)
• chore(appveyor): run entire test matrix #886 (nfischer)
• docs: remove gitter badge #880 (nfischer)
• grep includes the i flag #876 (ppsleep)
• Fix(which): match only executable files (#657) #874 (termosa)
• chore: rename some tests #871 (nfischer)
• Fix cp from readonly source #870 (nfischer)
• chore: bump dev dependencies and add package-lock #864 (nfischer)
• fix(mocks): fix conflict between mocks and skip #863 (nfischer)
• chore: output npm version in travis #850 (nfischer)

... (truncated)

Changelog

Sourced from shelljs's changelog.

Change Log

Unreleased

Full Changelog

Closed issues:

• find returns empty array even though directory has files #922
• exec() should support node v10 (maxbuffer change) #915
• grep exit status and extra newlines #900
• Travis CI currently broken #893
• Drop node v4 support #873
• cp -Ru respects the -R but not the -u #808

Merged pull requests:

• feat(options): initial support for long options #926 (nfischer)
• test(touch): add coverage for -d option #925 (nfischer)
• chore(node): add v10 and v11 to CI #921 (nfischer)
• chore(test): no coverage by default #920 (nfischer)
• fix(exec): consistent error message for maxBuffer #919 (nfischer)
• chore(node): drop node v4 and v5 #917 (nfischer)
• chore: script to bump supported node versions #913 (nfischer)
• chore(npm): remove lockfile #911 (nfischer)
• ci: change language to node_js and remove obsolete scripts #910 (DanielRuf)
• chore: remove gitter integration #907 (nfischer)
• fix: Exit 1 with empty string if no match #901 (wyardley)
• feat(cp): support update flag when recursing #889 (joshi-sh)

v0.8.3 (2018-11-13)

Full Changelog

Closed issues:

• Shelljs print stderr to console even if exec-only "silent" is true #905
• refactor: remove common.state.tempDir #902
• Can't suppress stdout for echo #899
• exec() doesn't apply the arguments correctly #895
• shell.exec('npm pack') painfully slow #885
• shelljs.exec cannot find app.asar/node_modules/shelljs/src/exec-child.js #881
• test infra: mocks and skipOnWin conflict #862
• Support for shell function completion on IDE #859
• echo command shows options in stdout #855
• silent does not always work #851
• Appveyor installs the latest npm, instead of the latest compatible npm #844
• Force symbolic link (ln -sf) does not overwrite/recreate existing destination #830
• inconsistent result when trying to echo to a file #798
• Prevent require()ing executable-only files #789
• Cannot set property to of [object String] which has only a getter #752

... (truncated)

Commits

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (#903)
• 4bd22e7 chore(ci): fix codecov on travis (#897)
• 2b3b781 fix: silent exec (#892)
• Additional commits viewable in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates postcss from 7.0.34 to 8.4.35

Release notes

Sourced from postcss's releases.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

... (truncated)

Commits

• edda95e Release 8.4.35 version
• 612f360 Merge pull request #1924 from postcss/refactor/types
• 5e7449f Fix node.parent.nodes type
• 65075df Allow to pass undefined to adding methods to simplify type check
• 477b3bb Release 8.4.34 version
• 25af117 Update dependencies
• bb0314a Merge pull request #1922 from tim-we/improve-at-rule-types
• 9dd5a93 Fix at-rule test
• 8322d11 Fix visitor test
• ee7fcd4 Fix Document#nodes
• Additional commits viewable in compare view

Updates autoprefixer from 7.2.6 to 10.4.18

Release notes

Sourced from autoprefixer's releases.

10.4.18

• Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

10.4.17

• Fixed user-select: contain prefixes.

10.4.16

• Improved performance (by @​romainmenke).
• Fixed docs (by @​coliff).

10.4.15

• Fixed ::backdrop prefixes (by @​yisibl).
• Fixed docs (by @​coliff).

10.4.14

• Improved startup time and reduced JS bundle size (by @​Knagis).

10.4.13

• Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

• Fixed support of unit-less zero angle in backgrounds (by @​yisibl).

10.4.11

• Fixed text-decoration prefixes by moving to MDN data (by @​romainmenke).

10.4.10

• Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

• Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

• Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

• Fixed print-color-adjust support in Firefox.

10.4.6

• Fixed print-color-adjust support.

10.4.5

• Fixed NaN in grid (by @​SukkaW).

10.4.4

• Fixed package.funding to have same value between all PostCSS packages.

10.4.3

• Fixed package.funding (by @​mondeja).

... (truncated)

Changelog

Sourced from autoprefixer's changelog.

10.4.18

• Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

10.4.17

• Fixed user-select: contain prefixes.

10.4.16

• Improved performance (by Romain Menke).
• Fixed docs (by Christian Oliff).

10.4.15

• Fixed ::backdrop prefixes (by 一丝).
• Fixed docs (by Christian Oliff).

10.4.14

• Improved startup time and reduced JS bundle size (by Kārlis Gaņģis).

10.4.13

• Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

• Fixed support of unit-less zero angle in backgrounds (by 一丝).

10.4.11

• Fixed text-decoration prefixes by moving to MDN data (by Romain Menke).

10.4.10

• Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

• Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

• Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

• Fixed print-color-adjust support in Firefox.

10.4.6

• Fixed print-color-adjust support.

10.4.5

• Fixed NaN in grid (by @​SukkaW).

10.4.4

• Fixed package.funding to have same value between all PostCSS packages.

10.4.3

• Fixed package.funding (by Álvaro Mondéjar).

... (truncated)

Commits

• 90dc18d Release 10.4.18 version
• 0af1be8 Update dependencies
• 1efe165 Update c8 config
• 80ff109 Add Node.js 21 to CI
• 5e5d193 Automate release creation
• e72c36a Update actions
• ec68b52 Preserve -webkit-box-orient when -webkit-line-clamp is present (#1511)
• 46cd2cc Release 10.4.17 version
• 2738f72 Update dependencies
• b0a4007 Fix user-select: contain
• Additional commits viewable in compare view

Updates css-loader from 0.28.11 to 6.10.0

Release notes

Sourced from css-loader's releases.

v6.10.0

6.10.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#1568) (3924679)
• pass the resourceQuery and resourceFragment to the auto and mode callback (#1569) (d641c4d)
• support named exports with any characters (6f43929)

v6.9.1

6.9.1 (2024-01-18)

Bug Fixes

• css nesting support
• @scope at-rule support

v6.9.0

6.9.0 (2024-01-09)

Features

• updated generateExportEntry to expose node details (#1556) (05002f3)

Bug Fixes

• css experiment detection (#1559) (f2cfe30)

v6.8.1

6.8.1 (2023-05-28)

Bug Fixes

• use cause for original errors and warnings (#1526) (ae3d8ae)

v6.8.0

6.8.0 (2023-05-27)

Features

• use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

... (truncated)

Changelog

Sourced from css-loader's changelog.

6.10.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#1568) (3924679)
• pass the resourceQuery and resourceFragment to the auto and mode callback (#1569) (d641c4d)
• support named exports with any characters (6f43929)

6.9.1 (2024-01-18)

Bug Fixes

• css nesting support
• @scope at-rule support

6.9.0 (2024-01-09)

Features

• updated generateExportEntry to expose node details (#1556) (05002f3)

Bug Fixes

• css experiment detection (#1559) (f2cfe30)

6.8.1 (2023-05-28)

Bug Fixes

• use cause for original errors and warnings (#1526) (ae3d8ae)

6.8.0 (2023-05-27)

Features

• use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

• warning and error serialization (#1523) (3e52969)

6.7.4 (2023-05-19)

... (truncated)

Commits

• 7bbb57c chore(release): 6.10.0
• d641c4d feat: pass the resourceQuery and resourceFragment to the auto and `mode...
• 3924679 feat: add @rspack/core as an optional peer dependency (#1568)
• 6f43929 feat: support named exports with any characters
• f9192ee chore(release): 6.9.1
• 6515be0 fix: css nesting support and @scope at-rule
• 0751f7a docs: update (#1562)
• 2d17551 chore(release): 6.9.0
• e38116f chore: update dependencies to latest version (#1561)
• d09ff73 test: getLocalIdent and node type (#1560)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.

Updates postcss-import from 11.1.0 to 16.0.1

Release notes

Sourced from postcss-import's releases.

14.0.0 / 2020-12-14

This release should not have breaking changes for the vast majority of users; only those with @charset statements in their CSS may be affected.

• BREAKING: Error if multiple incompatible @charset statements (#447)
• BREAKING: Warn if @charset statements are not at the top of files (#447)
• Fix handing of @charset (#436, #447)

13.0.0 / 2020-10-20

• BREAKING: Require Node 10+ (#429)
• BREAKING: Upgrade to postcss v8 and require it as a peerDependency (#427, #432)
• Update dependencies

12.0.0

• Removed: Support for Node.js v4
• Changed: Uses PostCSS v7 (https://github.com/postcss/postcss/releases/tag/7.0.0)

Changelog

Sourced from postcss-import's changelog.

16.0.1 / 2024-02-14

• Fix crash when handling some @imports with media conditions (#557, #558)

16.0.0 / 2024-01-02

• BREAKING: Require Node.js v18+ (#550, #551)
• BREAKING: Signifigant rewrite, with small behavioral tweaks in a number of edge cases
• Support for @supports conditional imports added (#532, #548)
• When skipDuplicates is false, handles import cycles correctly (#462, #535)
• Add warnOnEmpty option to allow disabling warnings for empty files (#84, #541)
• Use proper node.errors (#518, #540)

Huge thanks to @romainmenke for all the hard work he put into this release.

15.1.0 / 2022-12-07

• Add data: URL support (this is not useful for most consumers) (#515)

15.0.1 / 2022-12-01

• Preserve layer in ignored @imports (#510, #511)
• Join media queries in the correct order (#512, #513)

15.0.0 / 2022-08-30

• BREAKING: Require Node.js v14+ (#497)
• BREAKING: Require nameLayer option for handling anonymous layers (#496)
• Fix handling of @media queries inside layered imports (#495, #496)

14.1.0 / 2022-03-22

• Add @layer support (#483)

14.0.2 / 2021-05-10

• Remove remaining direct import of postcss package (#455, #456)

14.0.1 / 2021-03-31

• Fix bug with @charset statements in media imports (#448, #453)

14.0.0 / 2020-12-14

This release should not have breaking changes for the vast majority of users; only those with @charset statements in their CSS may be affected.

• BREAKING: Error if multiple incompatible @charset statements (#447)
• BREAKING: Warn if @charset statements are not at the top of files (#447)
• Fix handing of @charset (#436, #447)

... (truncated)

Commits

• fa42e63 16.0.1
• ba92913 ensure that media params remain string values (#558)
• d8a9f21 Update dependency prettier to ~3.2.0 (#555)
• 9e53da3 Update dependency c8 to v9 (#554)
• 025f27a 16.0.0
• 7fb74a5 Add trailing commas; lint on CI (#553)
• 97690de Update dependency ava to v6 (#547)
• c3e795c Update dependency prettier to v3 (#526)
• f8edbb4 Update dependency eslint-config-problems to v8 (#523)
• 568b073 BREAKING: Require Node v18+ (#551)
• Additional commits viewable in compare view

Updates postcss-loader from 2.1.6 to 8.1.1

Release notes

Sourced from postcss-loader's releases.

v8.1.1

8.1.1 (2024-02-28)

Bug Fixes

• respect default when loading postcss esm configs (52d8050)

v8.1.0

8.1.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#679) (512e4c3)

v8.0.0

8.0.0 (2024-01-16)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#677) (8dd0315)

v7.3.4

7.3.4 (2023-12-27)

Bug Fixes

• do not crash if pkg.(d|devD)ependencies unset (#667) (8ef0c7e)

v7.3.3

7.3.3 (2023-06-10)

Bug Fixes

• perf: avoid using klona for postcss options (#658) (e754c3f)
• bug with loading configurations after updating cosmiconfig to version 8.2 (684d265)

v7.3.2

7.3.2 (2023-05-28)

Bug Fixes

• use cause to keep original errors and warnings (#655) (e8873f4)

v7.3.1

... (truncated)

Changelog

Sourced from postcss-loader's changelog.

8.1.1 (2024-02-28)

Bug Fixes

• respect default when loading postcss esm configs (52d8050)

8.1.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#679) (512e4c3)

8.0.0 (2024-01-16)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#677) (8dd0315)

7.3.4 (2023-12-27)

Bug Fixes

• do not crash if pkg.(d|devD)ependencies unset (#667) (8ef0c7e)

7.3.3 (2023-06-10)

Bug Fixes

• perf: avoid using klona for postcss options (#658) (e754c3f)
• bug with loading configurations after updating cosmiconfig to version 8.2 (684d265)

7.3.2 (2023-05-28)

Bug Fixes

• use cause to keep original errors and warnings (#655) (e8873f4)

7.3.1 (2023-05-26)

Bug Fixes

• warning and error serialization (65748ec)

... (truncated)

Commits

• d2651fc chore(release): 8.1.1
• 52d8050 fix: respect default when loading postcss esm configs
• fdd5448 ci: fix commitlint check (#683)
• 107b519 chore: update dependencies to latest version (#682)
• 947f29b chore: update dependency-review-action to the latest version (#681)
• df307b5 chore(release): 8.1.0
• 512e4c3 feat: add @rspack/core as an optional peer dependency (#679)
• d53fe9d chore(release): 8.0.0
• 8dd0315 chore!: minimum supported Node.js version is 18.12.0 (#677)
• 754c4a5 chore(release): 7.3.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for postcss-loader sinc...

Description has been truncated

[dependabot]

Superseded by #32.