Bump debug, grunt-contrib-connect, grunt-contrib-watch, grunt-usemin and karma

[dependabot[bot]]

Bumps debug to 2.6.9 and updates ancestor dependencies debug, grunt-contrib-connect, grunt-contrib-watch, grunt-usemin and karma. These dependencies need to be updated together.

Updates debug from 2.2.0 to 2.6.9

Release notes

Sourced from debug's releases.

2.6.9

Patches

• Remove ReDoS regexp in %o formatter: #504

Credits

Huge thanks to @​zhuangya for their help!

release 2.6.7

No release notes provided.

release 2.6.6

No release notes provided.

release 2.6.5

No release notes provided.

release 2.6.4

No release notes provided.

release 2.6.3

No release notes provided.

release 2.6.2

No release notes provided.

release 2.6.1

No release notes provided.

release 2.6.0

No release notes provided.

release 2.5.2

No release notes provided.

release 2.5.1

No release notes provided.

release 2.4.5

No release notes provided.

release 2.4.4

No release notes provided.

release 2.4.3

No release notes provided.

release 2.4.2

No release notes provided.

... (truncated)

Changelog

Sourced from debug's changelog.

2.6.9 / 2017-09-22

• remove ReDoS regexp in %o formatter (#504)

2.6.8 / 2017-05-18

• Fix: Check for undefined on browser globals (#462, @​marbemac)

2.6.7 / 2017-05-16

• Fix: Update ms to 2.0.0 to fix regular expression denial of service vulnerability (#458, @​hubdotcom)
• Fix: Inline extend function in node implementation (#452, @​dougwilson)
• Docs: Fix typo (#455, @​msasad)

2.6.5 / 2017-04-27

• Fix: null reference check on window.documentElement.style.WebkitAppearance (#447, @​thebigredgeek)
• Misc: clean up browser reference checks (#447, @​thebigredgeek)
• Misc: add npm-debug.log to .gitignore (@​thebigredgeek)

2.6.4 / 2017-04-20

• Fix: bug that would occure if process.env.DEBUG is a non-string value. (#444, @​LucianBuzzo)
• Chore: ignore bower.json in npm installations. (#437, @​joaovieira)
• Misc: update "ms" to v0.7.3 (@​tootallnate)

2.6.3 / 2017-03-13

• Fix: Electron reference to process.env.DEBUG (#431, @​paulcbetts)
• Docs: Changelog fix (@​thebigredgeek)

2.6.2 / 2017-03-10

• Fix: DEBUG_MAX_ARRAY_LENGTH (#420, @​slavaGanzin)
• Docs: Add backers and sponsors from Open Collective (#422, @​piamancini)
• Docs: Add Slackin invite badge (@​tootallnate)

2.6.1 / 2017-02-10

• Fix: Module's export default syntax fix for IE8 Expected identifier error
• Fix: Whitelist DEBUG_FD for values 1 and 2 only (#415, @​pi0)

... (truncated)

Commits

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• Additional commits viewable in compare view

Updates grunt-contrib-connect from 0.10.1 to 3.0.0

Changelog

Sourced from grunt-contrib-connect's changelog.

v3.0.0: date: 2020-07-16 changes: - Requires node 10+. - Updated dependencies. v2.1.0: date: 2019-09-03 changes: - Update package lock. - Allow all configuration options of livereload to be passed through. v2.0.0: date: 2018-09-09 changes: - Drop Node.js < 6 support. - Update all dependencies and switch to node-http2. - Add secureProtocol in httpsOptions. - Fix open.appName. - Allow passing serve-index options. v1.0.2: date: 2016-04-27 changes: - Fixed http2 dependencies and stopped using the fork. v1.0.1: date: 2016-03-22 changes: - Fixed dependencies behind corporate proxy server. v1.0.0: date: 2016-03-04 changes: - Use predefined logger format with colored http status. - Update deps and docs. - HTTP2 support. - Other fixes. v0.11.2: date: 2015-08-03 changes: - Documentation fixes. v0.11.1: date: 2015-08-01 changes: - Fixes debug logging. v0.11.0: date: 2015-07-30 changes: - Update to connect 3.

Commits

• 5c3d0e7 v3.0.0
• 0df44c9 Merge pull request #262 from gruntjs/upt-depxa
• caa1331 Update dependencies
• ace8bd8 Merge pull request #260 from gruntjs/dependabot/npm_and_yarn/lodash-4.17.19
• eb4496c Bump lodash from 4.17.15 to 4.17.19
• 4f3954d Merge pull request #261 from gruntjs/add-actions
• 434ecd6 Add actions
• 15b3a28 Merge pull request #257 from gruntjs/dependabot/npm_and_yarn/lodash-4.17.15
• 801dcda Bump lodash from 4.17.10 to 4.17.15
• b6e703d v2.1.0
• Additional commits viewable in compare view

Updates grunt-contrib-watch from 0.6.1 to 1.1.0

Changelog

Sourced from grunt-contrib-watch's changelog.

v1.1.0: date: 2018-05-12 changes: - Update to [email protected], [email protected], [email protected] v1.0.1: date: 2018-04-20 changes: - Update to [email protected], lodash@4 v1.0.0: date: 2016-03-12 changes: - Updated tiny-lr, gaze, async and lodash dependencies. - Fix endless loop issue with atBegin/nospawn. - Expose hostname parameter of tiny-lr. - Support cwd.event to emit events relative to path. - Removed peerDependencies setting.

Commits

• 3b7ddf4 v1.1.0
• 72b1214 Updating dependencies, async, lodash and tiny-lr
• 5adb27c Merge pull request #543 from digitalbazaar/master
• 6ec71e9 v1.0.1
• 7d20933 Update copyright year
• e3d19df Update ci configs
• d117574 Updating ci configs
• 99410a7 README.md: Fixed typos (#536)
• f07311b Update tiny-lr dependency to 1.x
• 7f8cf80 Add local grunt-cli
• Additional commits viewable in compare view

Updates grunt-usemin from 2.1.1 to 3.1.1

Release notes

Sourced from grunt-usemin's releases.

3.1.1

Fixing breaking change: you can use both uglify or uglifyjs in usemin task.

3.1.0

SVG support: https://github.com/yeoman/grunt-usemin/commit/6119f90bde1c64eddfe1d2717ad98dead9f73768

Changes: https://github.com/yeoman/grunt-usemin/compare/v3.0.0...v3.1.0

3.0.0

• Changed custom pattern behavior to merge instead of overwrite. https://github.com/yeoman/grunt-usemin/commit/989766245ba750b116521c26eca7efbdc22e22c2
• Duplicate blocks should raise a warn instead of a fatal error. https://github.com/yeoman/grunt-usemin/commit/b21b954ca351017366b8935402beaf274af2c3a2

2.6.2

Changes: https://github.com/yeoman/grunt-usemin/compare/v2.6.1...v2.6.2

2.6.1

Changes: https://github.com/yeoman/grunt-usemin/compare/v2.6.0...v2.6.1

2.6.0

Changes: https://github.com/yeoman/grunt-usemin/compare/v2.5.1...v2.6.0

2.5.0

Changes: https://github.com/yeoman/grunt-usemin/compare/v2.4.0...v2.5.0

2.3.0 - remixed-bacon

Highlights:

• Skip duplicate configurations (thanks to @​boushley)
• Add support for block replacement for custom block types (thanks to @​mcampo)

Changes: https://github.com/yeoman/grunt-usemin/compare/v2.2.0...v2.3.0

2.2.0

This is a minor release of grunt-usemin, which introduces the ability to rev src attributes of <video> and <source> tags, adds better stability for working with <img> tags and a number of overall fixes to 2.1.1.

Thanks goes out to XhmikosR who has championed this release.

Full list of changes Fixed issues

Commits

• 2057a27 3.1.1
• 2f77a60 Merge pull request #593 from stephanebachelier/uglify-task-naming
• 47128d0 fix typo in test description
• e2ad40d flow now support both uglify and uglifyjs naming
• 819d655 add notice about breaking change
• d82f57a 3.1.0
• 6b3c0a9 readme tweaks
• fab250e package.json tweaks
• ba1f635 bump chalk
• 7f9edaf Merge pull request #580 from TrevorS/patch-1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by arthurvr, a new releaser for grunt-usemin since your current version.

Updates karma from 0.13.22 to 6.4.1

Release notes

Sourced from karma's releases.

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.18

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

v6.3.17

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

v6.3.16

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

... (truncated)

Commits

• 0013121 chore(release): 6.4.1 [skip ci]
• 63d86be fix: pass integrity value
• 84f7cc3 chore(release): 6.4.0 [skip ci]
• f2d0663 docs: add integrity parameter
• dc51a2e feat: support SRI verification of link tags
• 6a54b1c feat: support SRI verification of script tags
• 5e71cf5 chore(release): 6.3.20 [skip ci]
• e17698f fix: prefer IPv4 addresses when resolving domains
• 60f4f79 build: add Node 16 and 18 to the CI matrix
• 6ff5aaf chore(release): 6.3.19 [skip ci]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.