Bump the npm_and_yarn group across 2 directories with 18 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the /client directory:

Package	From	To
axios	0.21.1	0.28.0
debug	4.1.1	4.3.4
debug	3.2.6	4.3.4
minimist	1.2.5	1.2.8
webpack-pwa-manifest	4.2.0	4.3.0
semver	5.7.1	5.7.2
decode-uri-component	0.2.0	0.2.2
express	4.17.1	4.19.2
ip	1.1.5	1.1.9
webpack-dev-middleware	3.7.2	``
webpack-dev-server	3.11.2	5.0.4
Bumps the npm_and_yarn group with 12 updates in the /server directory:

Package	From	To
axios	0.21.1	0.28.0
minimist	1.2.5	1.2.8
semver	5.7.1	5.7.2
decode-uri-component	0.2.0	0.2.2
express	4.17.1	4.19.2
qs	6.5.2	6.5.3
xml2js	0.4.19	0.6.2
aws-sdk	2.799.0	2.1586.0
jsonwebtoken	8.5.1	9.0.0
mongoose	5.9.16	5.13.20
tar	4.4.13	4.4.19
word-wrap	1.2.3	1.2.5

Updates axios from 0.21.1 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates debug from 4.1.1 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits

• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• 4079aae update license and more maintainership information
• 19b36c0 update repository location + maintainership information
• f851b00 adds README section regarding usage in child procs (#850)
• d177f2b Remove accidental epizeuxis
• e47f96d 4.3.2
• 1e9d38c cache enabled status per-logger (#799)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates debug from 3.2.6 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits

• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• 4079aae update license and more maintainership information
• 19b36c0 update repository location + maintainership information
• f851b00 adds README section regarding usage in child procs (#850)
• d177f2b Remove accidental epizeuxis
• e47f96d 4.3.2
• 1e9d38c cache enabled status per-logger (#799)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud in posttest b32d9bd
• [meta] update repo URLs f9fdfc0
• [actions] Avoid 0.6 tests due to build failures ba92fe6
• [Dev Deps] update tape 950eaa7
• [Dev Deps] add missing npmignore dev dep 3226afa
• Merge tag 'v0.2.2' 980d7ac

v1.2.7 - 2022-10-10

Commits

... (truncated)

Commits

• 6901ee2 v1.2.8
• a026794 Merge tag 'v0.2.3'
• c0b2661 v0.2.3
• 63b8fee [Fix] Fix long option followed by single dash (#17)
• 72239e6 [Tests] Remove duplicate test (#12)
• 34b0f1c [eslint] fix indentation
• 3226afa [Dev Deps] add missing npmignore dev dep
• 098873c [Dev Deps] update @ljharb/eslint-config, aud
• 9ec4d27 [Fix] Fix long option followed by single dash
• ba92fe6 [actions] Avoid 0.6 tests due to build failures
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for minimist since your current version.

Updates webpack-pwa-manifest from 4.2.0 to 4.3.0

Release notes

Sourced from webpack-pwa-manifest's releases.

v4.3.0

Dependencies are now up-to-date and there should not be more issues related to vulnerabilities.

• #134 merged: new icon types purpose and type

Commits

• See full diff in compare view

Updates follow-redirects from 1.5.10 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates ip from 1.1.5 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• 5dc3b2f 1.1.8
• 8e6f28b lib: even better node 6 support
• 088c9e5 1.1.7
• 1a4ca35 lib: add back support for Node.js 6
• af82ef4 1.1.6
• dba19f6 package: exclude test folder from publishing
• 7cd7f30 ci: use github workflows
• 4de50ae lib: node 18 support
• See full diff in compare view

Updates qs from 6.7.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Removes webpack-dev-middleware

Updates webpack-dev-server from 3.11.2 to 5.0.4

Release notes

Sourced from webpack-dev-server's releases.

v5.0.4

5.0.4 (2024-03-19)

Bug Fixes

• security: bump webpack-dev-middleware (#5112) (aab576a)

v5.0.3

5.0.3 (2024-03-12)

Bug Fixes

• types: proxy (#5101) (6e1aed3)

v5.0.2

5.0.2 (2024-02-16)

Bug Fixes

• types (#5057) (da2c24d)

v5.0.1

5.0.1 (2024-02-13)

Bug Fixes

• avoid using ev...

  Description has been truncated