build(deps): bump micromatch and hexo

[dependabot[bot]]

Bumps micromatch to 4.0.8 and updates ancestor dependency hexo. These dependencies need to be updated together.

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates hexo from 3.9.0 to 6.3.0

Release notes

Sourced from hexo's releases.

6.3.0

New Features

• feat(tag/post_link): throw on post_link error by @​xbc5 in hexojs/hexo#4938
• feat(tag/include_code): robust for url compuation of view raw by @​stevenjoezhang in hexojs/hexo#4996
• feat(paginator): allow custom class name by @​renbaoshuo in hexojs/hexo#5001
• feat(helper/toc): more flexible class name by @​renbaoshuo in hexojs/hexo#5010
• feat(helper/tagcloud): show_count option (#5047) by @​renbaoshuo in hexojs/hexo#5048
• feat(tag/code): add language_attrhexojs/hexo-util#278@​renbaoshuo in hexojs/hexo#5017
• feat(helper/is): add is_home_first_page() helper by @​renbaoshuo in hexojs/hexo#5006

Improvements

• let post_link use original post title as title attribute by @​ppwwyyxx in hexojs/hexo#4973

Fixes

• fix(hexo/index): db.json file path in debug logging on Windows by @​stevenjoezhang in hexojs/hexo#4994
• fix(tag): show source file in unformatted error message by @​curbengh in hexojs/hexo#5031
• Don't use data-uri for og:image by @​KentarouTakeda in hexojs/hexo#5053

Refactors

• refactor(helper/open_graph): use whatwg url api by @​renbaoshuo in hexojs/hexo#5007
• chore(mail_to): use native URLSearchParams by @​renbaoshuo in hexojs/hexo#5002

Test

• test: replace nyc with c8 by @​stevenjoezhang in hexojs/hexo#5040
• chore(test/extend/tag): async function (#3328) by @​renbaoshuo in hexojs/hexo#5003

CI/CD

• chore: Set permissions for GitHub actions by @​neilnaveen in hexojs/hexo#4947
• chore: delete release-drafter by @​yoshinorin in hexojs/hexo#5044
• chore: improved benchmark result in github actions by @​renbaoshuo in hexojs/hexo#5013

Dependencies

• chore(deps): bump hexo-util and warehouse by @​yoshinorin in hexojs/hexo#5028
• chore(deps): bump hexo-log from 3.0.0 to 3.2.0 by @​yoshinorin in hexojs/hexo#5054

Misc

• Update license year by @​renbaoshuo in hexojs/hexo#5041
• chore: update issue template by @​yoshinorin in hexojs/hexo#5030
• chore: update .gitignore by @​yoshinorin in hexojs/hexo#4967

New Contributors

... (truncated)

Commits

• 4d42d9d release: 6.3.0 (#5043)
• 16e189f chore(deps): bump hexo-log from 3.0.0 to 3.2.0 (#5054)
• 06a8ebb fix(#5053): exclude data-uri image for og:image (#5053)
• 6deeb8d feat(tag/code): add language_attrhexojs/hexo-util#278#5017)
• d9e5f2e feat(helper/tagcloud): show_count option (#5047) (#5048)
• d95d297 chore: delete release-drafter (#5044)
• 354f1f1 Update license year (#5041)
• e44b48c feat(tag/post_link): use original post title as title attribute (#4973)
• a2fc8c0 test: replace nyc with c8 (#5040)
• b48f095 fix(tag): show source file in unformatted error message (#5031)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by yoshinorin, a new releaser for hexo since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.