Bump the npm_and_yarn group across 1 directory with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the / directory:

Package	From	To
debug	2.3.2	2.6.9
express	4.14.0	4.19.2
mongodb	2.2.11	3.1.13
morgan	1.7.0	1.9.1
brace-expansion	1.1.6	1.1.11
es5-ext	0.10.12	0.10.64
is-my-json-valid	2.15.0	2.20.6
js-yaml	3.7.0	3.14.1
lodash	4.17.0	4.17.21
minimatch	3.0.3	3.1.2
semver	5.3.0	5.7.2
sshpk	1.10.1	1.18.0

Updates debug from 2.3.2 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates express from 4.14.0 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates mongodb from 2.2.11 to 3.1.13

Changelog

Sourced from mongodb's changelog.

3.1.13 (2019-01-23)

Bug Fixes

• restore ability to webpack by removing makeLazyLoader (050267d)
• bulk: honor ignoreUndefined in initializeUnorderedBulkOp (e806be4)
• changeStream: properly handle changeStream event mid-close (#1902) (5ad9fa9)
• db_ops: ensure we async resolve errors in createCollection (210c71d)

3.1.12 (2019-01-16)

Features

• core: update to mongodb-core v3.1.11 (9bef6e7)

3.1.11 (2019-01-15)

Bug Fixes

• bulk: fix error propagation in empty bulk.execute (a3adb3f)
• bulk: make sure that any error in bulk write is propagated (bedc2d2)
• bulk: properly calculate batch size for bulk writes (aafe71b)
• operations: do not call require in a hot path (ff82ff4)

3.1.10 (2018-11-16)

Bug Fixes

• auth: remember to default to admin database (c7dec28)

Features

• core: update to mongodb-core v3.1.9 (bd3355b)

... (truncated)

Commits

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing makeLazyLoader
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mbroadst, a new releaser for mongodb since your current version.

Updates morgan from 1.7.0 to 1.9.1

Release notes

Sourced from morgan's releases.

1.9.1

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: [email protected]
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2

• deps: [email protected]
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: [email protected]

1.8.1

• deps: [email protected]
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

1.8.0

• Fix sending unnecessary undefined argument to token functions
• deps: basic-auth@~1.1.0
• deps: [email protected]
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: [email protected]
• perf: enable strict mode in compiled functions

Changelog

Sourced from morgan's changelog.

1.9.1 / 2018-09-10

• Fix using special characters in format
• deps: depd@~1.1.2
  • perf: remove argument reassignment

1.9.0 / 2017-09-26

• Use res.headersSent when available
• deps: basic-auth@~2.0.0
  • Use safe-buffer for improved Buffer API
• deps: [email protected]
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

1.8.2 / 2017-05-23

• deps: [email protected]
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: [email protected]

1.8.1 / 2017-02-04

• deps: [email protected]
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

1.8.0 / 2017-02-04

• Fix sending unnecessary undefined argument to token functions
• deps: basic-auth@~1.1.0
• deps: [email protected]
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: [email protected]
• perf: enable strict mode in compiled functions

Commits

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: [email protected]
• f60afd5 build: [email protected]
• 5295b0c build: [email protected]
• 178daaf build: [email protected]
• 7b08641 build: [email protected]
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.6 to 1.1.11

Release notes

Sourced from brace-expansion's releases.

v1.1.11

brace-expansion

Brace expansion, as known from sh/bash, in JavaScript.

Example

var expand = require('brace-expansion');
expand('file-{a,b,c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']
expand('-v{,,}')
// => ['-v', '-v', '-v']
expand('file{0..2}.jpg')
// => ['file0.jpg', 'file1.jpg', 'file2.jpg']
expand('file-{a..c}.jpg')
// => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']
expand('file{2..0}.jpg')
// => ['file2.jpg', 'file1.jpg', 'file0.jpg']
expand('file{0..4..2}.jpg')
// => ['file0.jpg', 'file2.jpg', 'file4.jpg']
expand('file-{a..e..2}.jpg')
// => ['file-a.jpg', 'file-c.jpg', 'file-e.jpg']
expand('file{00..10..5}.jpg')
// => ['file00.jpg', 'file05.jpg', 'file10.jpg']
expand('{{A..C},{a..c}}')
// => ['A', 'B', 'C', 'a', 'b', 'c']
expand('ppp{,config,oe{,conf}}')
// => ['ppp', 'pppconfig', 'pppoe', 'pppoeconf']

API

... (truncated)

Commits

• e52ad1c Merge pull request #42 from juliangruber/greenkeeper/update-to-node-10
• fb4c692 Update to node 10 in .travis.yml
• 01a21de 1.1.11
• d7c93ee sponsors
• 54a6176 1.1.10
• 327c729 Merge pull request #40 from Parcley/add-license-1
• b6ba2e0 create LICENSE file
• 0f82dab 1.1.9
• acd1754 support
• 40ff02d Merge pull request #39 from EdwardBetts/spelling
• Additional commits viewable in compare view

Updates bson from 0.5.6 to 1.1.6

Release notes

Sourced from bson's releases.

1.1.6

The MongoDB Node.js team is pleased to announce version 1.1.6 of the bson module!

The BSON library was written prior to the invention of the BigInt type in Javascript ecosystem. As a result the library was not able to serialize the type properly and silently failed to correctly maintain the bigint value. With this update, the library will now throw an error if it detects a bigint value. However, we've also added to/fromBigInt helper methods to the long class, please note that numbers will be clamped to int64 bit width.

const bytes = BSON.serialize({ myBigNumber: Long.fromBigInt(23n) })
const doc = BSON.deserialize(bytes)
doc.myBigNumber.toBigInt() === 23n // true

New Feature

• [NODE-2378] - Return error when failing to serialize bigint type and add Long class helpers

Documentation

• API: https://github.com/mongodb/js-bson#readme
• Changelog: https://github.com/mongodb/js-bson/blob/master/HISTORY.md#change-log

We invite you to try the bson library immediately, and report any issues to the NODE project. Thanks very much to all the community members who contributed to this release!

v1.1.4

The MongoDB Node.js team is pleased to announce version 1.1.4 of the bson module!

This patch release resolves an issue with BSON serialization with invalid _bsontype, originally reported by @​xiaofen9. MongoDB will be issuing a CVE for this vulnerability, and we recommend that all users pin their version of the bson module to 1.1.4 or higher.

Release Notes

Changelog

Sourced from bson's changelog.

1.1.6 (2021-03-16)

Bug Fixes

• Throw error on bigint usage and add helpers to Long (#426) (375f368)

1.1.5 (2020-08-10)

Bug Fixes

• object-id: harden the duck-typing (b526145)

1.1.3 (2019-11-09)

Reverts 1.1.2

1.1.2 (2019-11-08)

Bug Fixes

• _bsontype: only check bsontype if it is a prototype member. (dd8a349)

1.1.1 (2019-03-08)

Bug Fixes

• object-id: support 4.x->1.x interop for MinKey and ObjectId (53419a5)

Features

• replace new Buffer with modern versions (24aefba)

1.1.0 (2018-08-13)

Bug Fixes

... (truncated)

Commits

• 6fc7a87 chore(release): 1.1.6
• 375f368 fix: Throw error on bigint usage and add helpers to Long (#426)
• 290dd6a chore(release): 1.1.5
• b526145 fix(object-id): harden the duck-typing
• 6e782da 1.1.4
• 3809c13 fix: throw if invalid _bsontype is detected
• e4de7b5 1.1.3
• 8de4140 Revert "fix(_bsontype): only check bsontype if it is a prototype member."
• 179e1ed 1.1.2
• dd8a349 fix(_bsontype): only check bsontype if it is a prototype member.
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by nbbeeken, a new releaser for bson since your current version.

Updates es5-ext from 0.10.12 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates extend from 3.0.0 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

3.0.1 / 2017-04-27

• [Fix] deep extending should work with a non-object (#46)
• [Dev Deps] update tape, eslint, @ljharb/eslint-config
• [Tests] up to node v7.9, v6.10, v4.8; improve matrix
• [Docs] Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
• [Docs] Add example to readme (#34)

Commits

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• 138b515 v3.0.1
• 7e19a6f [Tests] up to node v7.9, v6.10, v4.8; improve matrix
• 0191e27 [Dev Deps] update tape, eslint, @ljharb/eslint-config
• Additional commits viewable in compare view

Updates forwarded from 0.1.0 to 0.2.0

Release notes

Sourced from forwarded's releases.

0.2.0

• Use req.socket over deprecated req.connection

0.1.2

• perf: improve header parsing
• perf: reduce overhead when no X-Forwarded-For header

0.1.1

• Fix trimming leading / trailing OWS
• perf: hoist regular expression

Changelog

Sourced from forwarded's changelog.

0.2.0 / 2021-05-31

• Use req.socket over deprecated req.connection

0.1.2 / 2017-09-14

• perf: improve header parsing
• perf: reduce overhead when no X-Forwarded-For header

0.1.1 / 2017-09-10

• Fix trimming leading / trailing OWS
• perf: hoist regular expression

Commits

• 93d2f4c 0.2.0
• 815fd47 build: add version script for npm version releases
• fd5c99f build: use GitHub Actions instead of Travis CI
• 83df24a build: [email protected]
• 9cc1690 build: [email protected]
• 78495b8 build: [email protected]
• 8844b1f build: [email protected]
• 8de09eb build: support Node.js 16.x
• 63a16a6 Use req.socket over deprecated req.connection
• d56b75b tests: fix test name
• Additional commits viewable in compare view

Updates is-my-json-valid from 2.15.0 to 2.20.6

Commits

• 58d30cb 2.20.6
• f76edf0 Merge pull request #188 from axelniklasson/master
• 4eef089 Upgrade jsonpointer to address security vulnerability
• 441f812 2.20.5
• d36a1b1 Merge pull request #182 from ChALkeR/chalker/fix-comma
• b6ea484 Fix uri prefix detection
• 5389c5b Merge pull request #181 from ChALkeR/chalker/fix-undef
• df5b313 add funding file
• c224619 Fix 'required' implementation
• 2534af4 2.20.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.

Updates js-yaml from 3.7.0 to 3.14.1

Changelog

Sourced from js-yaml's changelog.

[3.14.1] - 2020-12-07

Security

• Fix possible code execution in (already unsafe) .load() (in &anchor).

[3.14.0] - 2020-05-22

Changed

• Support safe/loadAll(input, options) variant of call.
• CI: drop outdated nodejs versions.
• Dev deps bump.

Fixed

• Quote = in plain scalars #519.
• Check the node type for !<?> tag in case user manually specifies it.
• Verify that there are no null-bytes in input.
• Fix wrong quote position when writing condensed flow, #526.

[3.13.1] - 2019-04-05

Security

• Fix possible code execution in (already unsafe) .load(), #480.

[3.13.0] - 2019-03-20

Security

• Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

[3.12.2] - 2019-02-26

Fixed

• Fix noArrayIndent option for root level, #468.

[3.12.1] - 2019-01-05

Added

• Added noArrayIndent option, #432.

[3.12.0] - 2018-06-02

Changed

• Support arrow functions without a block statement, #421.

[3.11.0] - 2018-03-05

Added

• Add arrow functions suport for !!js/function.

Fixed

• Fix dump in bin/octal/hex formats for negative integers, #399.

... (truncated)

Commits

• 37caaad 3.14.1 released
• 094c0f7 dist rebuild
• 9586ebe Avoid calling hasOwnProperty of user-controlled objects
• 34e5072 3.14.0 released
• 7b25c83 Browser files rebuild
• 6f73473 Dev deps bump
• 0c29349 Travis-CI: drop old nodejs versions
• 10be97e fix(loader): Add support for safe/loadAll(input, options)
• d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
• 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
• Additional commits viewable in compare view

Updates jsonpointer from 4.0.0 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

• Fix incorrect typings for compile get/set methods (#58, thanks to @​haakemon)
• Fix null values throwing exception when traversing over while getting (#50, thanks to @​reckter)
• Fix tests for null and undefined assertions (janl/node-jsonpointer@a5706e8)

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

• Fix prototype pollution (#51)

  • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.

  // returns the unmodified input {}
  jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')

  • When passing non-string arrays to a .set operation, an error is thrown:

  // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
  jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')

v4.1.0

4.1.0 (2020-07-03)

Bug Fixes

• prototype pollution (234e343)

Features

• docs: thank contributors (b67e402)
• docs: use npm test (ad96a94)
• re-add semantic release (49b7074)

Version 4.0.1

Whitelist production relevant files in package.json. This decreases the npm package size a bit. janl/node-jsonpointer#26

Commits

• 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
• bad4983 Fix null values throwing exception when traversing over while getting
• a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
• b8e1e6a fix incorrect typings for compile get/set methods
• c4de620 Merge pull request #53 from janl/release/5.0.0
• 8dbf304 feat: v5
• 84cf173 Merge pull request #52 from janl/fix/test
• f716e5c chore: more rip travis
• e2ae355 chore: remove comment
• d23693b chore: update primary branch
• Additional commits viewable in