Bump the npm_and_yarn group across 1 directory with 19 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
axios	0.21.1	0.28.0
@babel/traverse	7.14.5	7.25.3
ansi-regex	5.0.0	5.0.1
async	2.6.3	2.6.4
braces	3.0.2	3.0.3
@types/browser-sync	2.26.1	2.29.0
browserify-sign	4.2.1	4.2.3
elliptic	6.5.4	6.5.7
express	4.17.1	4.19.2
follow-redirects	1.14.1	1.15.6
json5	2.2.0	2.2.3
json5	1.0.1	2.2.3
minimist	1.2.5	1.2.8
nanoid	3.1.23	3.3.7
node-forge	0.10.0	1.3.1
laravel-mix	6.0.19	6.0.49

Updates axios from 0.21.1 to 0.28.0

Release notes

Sourced from axios's releases.

Release v0.28.0

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

v0.27.2

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

v0.27.1

Fixes and Functionality:

• Removed import of url module in browser build due to huge size overhead and builds being broken (#4594)
• Bumped follow-redirects to ^1.14.9 (#4615)

... (truncated)

Changelog

Sourced from axios's changelog.

0.28.0 (2024-02-12)

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• Fixing content-type header repeated #4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#4735)
• URL params serializer (#4734)
• Fixed toFormData Blob issue on node>v17 #4728
• Adding types for progress event callbacks #4675
• Fixed max body length defaults #4731
• Added data URL support for node.js (#4725)
• Added isCancel type assert (#4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#4721)
• Add string[] to AxiosRequestHeaders type (#4322)
• Allow type definition for axios instance methods (#4224)
• Fixed AxiosError stack capturing; (#4718)
• Fixed AxiosError status code type; (#4717)
• Adding Canceler parameters config and request (#4711)
• fix(types): allow to specify partial default headers for instance creation (#4185)
• Added blob to the list of protocols supported by the browser (#4678)
• Fixing Z_BUF_ERROR when no content (#4701)
• Fixed race condition on immediate requests cancellation (#4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance axios/axios#4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#4229)
• Fix TS definition for AxiosRequestTransformer (#4201)
• Use type alias instead of interface for AxiosPromise (#4505)
• Include request and config when creating a CanceledError instance (#4659)
• Added generic TS types for the exposed toFormData helper (#4668)
• Optimized the code that checks cancellation (#4587)
• Replaced webpack with rollup (#4596)
• Added stack trace to AxiosError (#4624)
• Updated AxiosError.config to be optional in the type definition (#4665)
• Removed incorrect argument for NetworkError constructor (#4656)

0.27.2 (April 27, 2022)

Fixes and Functionality:

• Fixed FormData posting in browser environment by reverting #3785 (#4640)
• Enhanced protocol parsing implementation (#4639)
• Fixed bundle size

0.27.1 (April 26, 2022)

... (truncated)

Commits

• 3b7635a [Release] v0.28.0 (#6211)
• 27c0076 feat(backport): added ability for paramsSerializer to handle function; (#6227)
• 80c3d74 chore(ci): backported publish action; (#6224)
• 2755df5 fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to ...
• 880b42e docs: Fix a typo in README
• c4bf0a4 Allow null indexes on formSerializer and paramsSerializer v0.x (#4961)
• 1e2679f fix: [Types] Type of header in AxiosRequestConfig / for Axios.create is incor...
• 80b546c fix: loosing request header (#4858) (#4871)
• 6acb5ef feat: brower platform add data protocol. (#4814)
• bbb2264 fix(typing): axios response headers can be undefined (#4813)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jasonsaayman, a new releaser for axios since your current version.

Updates @babel/traverse from 7.14.5 to 7.25.3

Release notes

Sourced from @​babel/traverse's releases.

v7.25.3 (2024-07-31)

🐛 Bug Fix

• babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse
  • #16699 Avoid validating visitors produced by traverse.visitors.merge (@​nicolo-ribaudo)

🏠 Internal

• babel-parser
  • #16688 Add @babel/types as a dependency of @babel/parser (@​nicolo-ribaudo)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.25.2 (2024-07-30)

🐛 Bug Fix

• babel-core, babel-traverse
  • #16695 Ensure that requeueComputedKeyAndDecorators is available (@​nicolo-ribaudo)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

Committers: 4

• Adrian (@​nerodesu017)
• Huáng Jùnliàng (@​JLHwung)
• @​keiseiTi
• @​liuxingbaoyu

v7.25.0 (2024-07-26)

Thanks @​davidtaylorhq and @​slatereax for your first PR!

You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

👓 Spec Compliance

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.3 (2024-07-31)

🐛 Bug Fix

• babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-traverse
  • #16699 Avoid validating visitors produced by traverse.visitors.merge (@​nicolo-ribaudo)

🏠 Internal

• babel-parser
  • #16688 Add @babel/types as a dependency of @babel/parser (@​nicolo-ribaudo)

v7.25.2 (2024-07-30)

🐛 Bug Fix

• babel-core, babel-traverse
  • #16695 Ensure that requeueComputedKeyAndDecorators is available (@​nicolo-ribaudo)

v7.25.1 (2024-07-28)

🐛 Bug Fix

• babel-plugin-transform-function-name
  • #16683 fix: ensureFunctionName may be undefined (@​liuxingbaoyu)
• babel-plugin-transform-react-constant-elements
  • #16582 fix plugin-transform-react-constant-elements transform JSXFrament but not add JSXExpressionContainer (@​keiseiTi)
• babel-traverse
  • #16587 fix: fixed issue16583 + test (@​nerodesu017)

🏠 Internal

• #16663 Test eslint plugin against eslint 9 (@​JLHwung)

v7.25.0 (2024-07-26)

👓 Spec Compliance

• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16537 await using normative updates (@​JLHwung)
• babel-plugin-transform-typescript
  • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@​liuxingbaoyu)

🚀 New Feature

• babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
  • #16658 Move ensureFunctionName to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
  • #16644 Move hoistVariables to Scope.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
  • #16645 Move splitExportDeclaration to NodePath.prototype (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
  • #16649 Move environment-visitor helper into @babel/traverse (@​nicolo-ribaudo)
• babel-core, babel-parser
  • #16480 Expose wether a module has TLA or not as .extra.async (@​nicolo-ribaudo)
• babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
  • #16569 Introduce bugfix-safari-class-field-initializer-scope (@​davidtaylorhq)
• babel-plugin-transform-block-scoping, babel-traverse, babel-types
  • #16551 Add NodePath#getAssignmentIdentifiers (@​JLHwung)
• babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules

... (truncated)

Commits

• 787c7cd v7.25.3
• 992c6e0 Avoid validating visitors produced by traverse.visitors.merge (#16699)
• 44efb5f print @​babel/traverse version on unknown AST types (#16701)
• 0f8f408 v7.25.2
• 6a15d7a Ensure that requeueComputedKeyAndDecorators is available (#16695)
• 2413d1a Add eslint-plugin-regexp (#16680)
• 6bfc823 v7.25.1
• 801d3cb fix: improve variable declarator removal (#16587)
• d2e3ee2 v7.25.0
• d364545 Move ensureFunctionName to NodePath.prototype (#16658)
• Additional commits viewable in compare view

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates @types/browser-sync from 2.26.1 to 2.29.0

Commits

• See full diff in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates elliptic from 6.5.4 to 6.5.7

Commits

• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• See full diff in compare view

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.14.1 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates json5 from 1.0.1 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test