Bump the npm_and_yarn group across 1 directory with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: node-sass, postcss, shell-quote and tough-cookie.

Updates node-sass from 5.0.0 to 7.0.0

Release notes

Sourced from node-sass's releases.

v7.0.0

Breaking changes

• Drop support for Node 15 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 17 (@​nschonni)

Dependencies

• Bump eslint from 7.32.0 to 8.0.0 (@​nschonni, #3191)
• Bump fs-extra from 0.30.0 to 10.0.0 (@​nschonni, #3102)
• Bump npmlog from 4.1.2 to 5.0.0 (@​nschonni, #3156)
• Bump chalk from 1.1.3 to 4.1.2 (@​nschonni, #3161)

Community

• Remove double word "support" from documentation (@​pzrq, #3159)

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 16, 17
OSX	x64	12, 14, 16, 17
Linux*	x64	12, 14, 16, 17
Alpine Linux	x64	12, 14, 16, 17
FreeBSD	i386 amd64	12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Dependencies

• Remove mkdirp (@​jimmywarting, #3108)
• Bump meow to 9.0.0 (@​ykolbin, #3125)
• Bump mocha to 9.0.1 (@​xzyfer, #3134)

Misc

• Use default Apline version from docker-node (@​nschonni, #3121)

Supported Environments

... (truncated)

Commits

• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• Additional commits viewable in compare view

Updates postcss from 8.2.7 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
• Additional commits viewable in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits

• f6f6a3b Use a little more robust method of checking instances
• ef60987 Update version
• b62f1da Protect against constructor modification, #84
• fb427cd Link to json-schema-org repository in addition to site, fixes #54
• 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
• c52a27c Get basic test to pass
• b3f42b3 Add security policy
• 3b0cec3 Update version
• c28470f Update readme to acknowledge the state of the package
• 7dff9cd Merge pull request #81 from hodovani/patch-1
• Additional commits viewable in compare view

Updates nanoid from 3.1.20 to 3.3.7

Changelog

Sourced from nanoid's changelog.

3.3.7

• Fixed node16 TypeScript support (by Saadi Myftija).

3.3.6

• Fixed package.

3.3.5

• Backport funding information.

3.3.4

• Fixed --help in CLI (by @​Lete114).

3.3.3

• Reduced size (by Anton Khlynovskiy).

3.3.2

• Fixed enhanced-resolve support.

3.3.1

• Reduced package size.

3.3

• Added size argument to function from customAlphabet (by Stefan Sundin).

3.2

• Added --size and --alphabet arguments to binary (by Vitaly Baev).

3.1.32

• Reduced async exports size (by Artyom Arutyunyan).
• Moved from Jest to uvu (by Vitaly Baev).

3.1.31

• Fixed collision vulnerability on object in size (by Artyom Arutyunyan).

3.1.30

• Reduced size for project with brotli compression (by Anton Khlynovskiy).

3.1.29

• Reduced npm package size.

3.1.28

• Reduced npm package size.

3.1.27

• Cleaned dependencies from development tools.

3.1.26

• Improved performance (by Eitan Har-Shoshanim).
• Reduced npm package size.

... (truncated)

Commits

• 89d82d2 Release 3.3.7 version
• 5022c35 Update dual-publish
• 3e7a8e5 Remove benchmark from CI for v3
• d356144 Fix CI for v3
• 37b25df Move to pnpm 8
• d96f392 Release 3.3.6 version
• 8210dfb Release 3.3.5 version
• f083d01 Backport funding option
• 9a967ea Update dependencies
• 21728dc Update IE polyfill to fix last improve with reduce (#362)
• Additional commits viewable in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates shell-quote from 1.7.2 to 1.8.1

Changelog

Sourced from shell-quote's changelog.

v1.8.1 - 2023-04-07

Fixed

• [Fix] parse: preserve whitespace in comments [#6](https://github.com/ljharb/shell-quote/issues/6)
• [Fix] properly support the escape option [#5](https://github.com/ljharb/shell-quote/issues/5)

Commits

• [Refactor] parse: hoist getVar to module level b42ac73
• [Refactor] hoist some vars to module level 8f0c5c3
• [Refactor] parse: use slice over substr, cache some values fcb2e1a
• [Refactor] parse: a bit of cleanup 6780ec5
• [Refactor] parse: tweak the regex to not match nothing 227d474
• [Tests] increase coverage a66de94
• [Refactor] parse: avoid shadowing a function arg 1d58679

v1.8.0 - 2023-01-30

Commits

• [New] extract parse and quote to their own deep imports 553fdfc
• [Tests] add nyc coverage fd7ddcd
• [New] Add support for here strings (<<<) 9802fb3
• [New] parse: Add syntax support for duplicating input file descriptors 216b198
• [Dev Deps] update @ljharb/eslint-config, aud, tape 85f8e31
• [Tests] add evalmd c5549fc
• [actions] update checkout action 62e9b49

v1.7.4 - 2022-10-12

Merged

• Add node_modules to .gitignore [#48](https://github.com/ljharb/shell-quote/issues/48)

Commits

• [eslint] fix indentation and whitespace aaa9d1f
• [eslint] additional cleanup 397cb62
• [meta] add auto-changelog 497fca5
• [actions] add reusable workflows 4763c36
• [eslint] add eslint 6ee1437
• [readme] rename, add badges 7eb5134
• [meta] update URLs 67381b6
• [meta] create FUNDING.yml; add funding in package.json 8641572
• [meta] use npmignore to autogenerate an npmignore file 2e2007a
• Only apps should have lockfiles f97411e
• [Dev Deps] update tape 051f608
• [meta] add safe-publish-latest 18cadf9
• [Tests] add aud in posttest dc1cc12

... (truncated)

Commits

• da8a3ab v1.8.1
• a66de94 [Tests] increase coverage
• b42ac73 [Refactor] parse: hoist getVar to module level
• fcb2e1a [Refactor] parse: use slice over substr, cache some values
• ecf2a60 [Fix] parse: preserve whitespace in comments
• 1d58679 [Refactor] parse: avoid shadowing a function arg
• 6780ec5 [Refactor] parse: a bit of cleanup
• 227d474 [Refactor] parse: tweak the regex to not match nothing
• 7bcd90e [Fix] properly support the escape option
• 8f0c5c3 [Refactor] hoist some vars to module level
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for shell-quote since your current version.

Updates tar from 6.1.0 to 6.2.1

Release notes

Sourced from tar's releases.

v6.1.13

6.1.13 (2022-12-07)

Dependencies

• cc4e0dd #343 bump minipass from 3.3.6 to 4.0.0

v6.1.12

6.1.12 (2022-10-31)

Bug Fixes

• 57493ee #332 ensuring close event is emited after stream has ended (@​webark)
• b003c64 #314 replace deprecated String.prototype.substr() (#314) (@​CommanderRoot, @​lukekarrys)

Documentation

• f129929 #313 remove dead link to benchmarks (#313) (@​yetzt)
• c1faa9f add examples/explanation of using tar.t (@​isaacs)

Changelog

Sourced from tar's changelog.

Changelog

7.0

• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

6.2

• Add support for brotli compression
• Add maxDepth option to prevent extraction into excessively deep folders.

6.1

• remove dead link to benchmarks (#313) (@​yetzt)
• add examples/explanation of using tar.t (@​isaacs)
• ensure close event is emited after stream has ended (@​webark)
• replace deprecated String.prototype.substr() (@​CommanderRoot, @​lukekarrys)

6.0

• Drop support for node 6 and 8
• fix symlinks and hardlinks on windows being packed with \-style path targets

5.0

• Address unpack race conditions using path reservations
• Change large-numbers errors from TypeError to Error
• Add TAR_* error codes
• Raise TAR_BAD_ARCHIVE warning/error when there are no valid entries found in an archive
• do not treat ignored entries as an invalid archive
• drop support for node v4
• unpack: conditionally use a file mapping to write files on Windows
• Set more portable 'mode' value in portable mode
• Set portable gzip option in portable mode

... (truncated)

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• 5bc9d40 6.2.0
• fe1ef5e changelog 6.2
• e483220 get rid of npm lint stuff
• 689928a ci that works outside of npm org
• db6f539 file inference improvements for .tbr and .tgz
• 336fa8f refactor: dry and other pr comments
• eeba222 chore: lint fixes
• Additional commits viewable in compare view

Removes tough-cookie

Updates node-sass from 7.0.0 to 9.0.0

Release notes

Sourced from node-sass's releases.

v7.0.0

Breaking changes

• Drop support for Node 15 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #3149)

Features

• Add support for Node 17 (@​nschonni)

Dependencies

• Bump eslint from 7.32.0 to 8.0.0 (@​nschonni, #3191)
• Bump fs-extra from 0.30.0 to 10.0.0 (@​nschonni, #3102)
• Bump npmlog from 4.1.2 to 5.0.0 (@​nschonni, #3156)
• Bump chalk from 1.1.3 to 4.1.2 (@​nschonni, #3161)

Community

• Remove double word "support" from documentation (@​pzrq, #3159)

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 16, 17
OSX	x64	12, 14, 16, 17
Linux*	x64	12, 14, 16, 17
Alpine Linux	x64	12, 14, 16, 17
FreeBSD	i386 amd64	12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Dependencies

• Remove mkdirp (@​jimmywarting, #3108)
• Bump meow to 9.0.0 (@​ykolbin, #3125)
• Bump mocha to 9.0.1 (@​xzyfer, #3134)

Misc

• Use default Apline version from docker-node (@​nschonni, #3121)

Supported Environments

... (truncated)

Commits

• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.