Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
glob-parent	5.1.2	6.0.1
semver	5.7.2	7.5.4
core-js-compat	3.23.1	3.37.0
ejs	3.1.8	3.1.10
webpack	4.44.2	4.47.0

Updates glob-parent from 5.1.2 to 6.0.1

Release notes

Sourced from glob-parent's releases.

glob-parent v6.0.1

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

glob-parent v6.0.0

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

• eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

• Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

5.1.0 (2021-01-27)

Features

• add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

5.0.0 (2021-01-27)

⚠ BREAKING CHANGES

• Drop support for node <6 & bump dependencies

... (truncated)

Commits

• e1a15e1 chore: release 6.0.1 (#52)
• 8cdac1e chore: Run prettier
• 3e9f04a fix: Resolve ReDoS vulnerability from CVE-2021-35065 (#49)
• 3ad9597 chore: Run prettier
• 6fd137b chore: release 6.0.0 (#41)
• 32f6d52 fix!: Correct mishandled escaped path separators (#34)
• aa91a48 chore(ci): Upgrade coveralls action to 1.1.2
• 94dc54f chore(ci): Update workflow
• 6b6c5c2 chore: fix typo in badges
• 5384066 Build: Run prettier
• Additional commits viewable in compare view

Updates semver from 5.7.2 to 7.5.4

Release notes

Sourced from semver's releases.

v7.5.4

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.4 (2023-07-07)

Bug Fixes

• cc6fde2 #588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #583 correctly parse long build ids as valid (#583) (@​lukekarrys)

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

... (truncated)

Commits

• 36cd334 chore: release 7.5.4
• 8456d87 chore: postinstall for dependabot template-oss PR
• dde1f00 chore: postinstall for dependabot template-oss PR
• dffcd1b chore: bump @​npmcli/template-oss from 4.16.0 to 4.17.0
• d619f66 chore: postinstall for dependabot template-oss PR
• 3bc4247 chore: bump @​npmcli/template-oss from 4.15.1 to 4.16.0
• cc6fde2 fix: trim each range set before parsing
• 99d8287 fix: correctly parse long build ids as valid (#583)
• 4f0f6b1 chore: fix arguments in whitespace test (#574)
• 6bd1a37 chore: remove duplicate test in semver class (#575)
• Additional commits viewable in compare view

Updates core-js-compat from 3.23.1 to 3.37.0

Changelog

Sourced from core-js-compat's changelog.

3.37.0 - 2024.04.17

• Changes v3.36.1...v3.37.0
• New Set methods proposal:
  • Built-ins:
    • Set.prototype.intersection
    • Set.prototype.union
    • Set.prototype.difference
    • Set.prototype.symmetricDifference
    • Set.prototype.isSubsetOf
    • Set.prototype.isSupersetOf
    • Set.prototype.isDisjointFrom
  • Moved to stable ES, April 2024 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Explicit Resource Management stage 3 proposal:
  • Some minor updates like explicit-resource-management/217
• Added Math.sumPrecise stage 2.7 proposal:
  • Built-ins:
    • Math.sumPrecise
• Promise.try proposal:
  • Built-ins:
    • Promise.try
  • Added optional arguments support, promise-try/16
  • Moved to stage 2.7, April 2024 TC39 meeting
• RegExp.escape stage 2 proposal:
  • Moved to hex-escape semantics, regex-escaping/67
    • It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
• Pattern matching stage 1 proposal:
  • Built-ins:
    • Symbol.customMatcher
  • Once again, the used well-known symbol was renamed
  • Added new entries for that
• Added Extractors stage 1 proposal:
  • Built-ins:
    • Symbol.customMatcher
  • Since the Symbol.customMatcher well-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposal
• Added URL.parse, url/825
• Engines bugs fixes:
  • Added a fix of Safari { Object, Map }.groupBy bug that does not support iterable primitives
  • Added a fix of Safari bug with double call of constructor in Array.fromAsync
• Compat data improvements:
  • URL.parse added and marked as supported from FF 126
  • URL.parse added and marked as supported from Bun 1.1.4
  • URL.canParse fixed and marked as supported from Bun 1.1.0
  • New Set methods fixed in JavaScriptCore and marked as supported from Bun 1.1.1
  • Added Opera Android 82 compat data mapping

3.36.1 - 2024.03.19

• Changes v3.36.0...v3.36.1
• Fixed some validation cases in Object.setPrototypeOf, #1329, thanks @​minseok-choe
• Fixed the order of validations in Array.from, #1331, thanks @​minseok-choe

... (truncated)

Commits

• 598d0b2 3.37.0
• a7f3a96 URL.parse added and marked as supported from Bun 1.1.4
• 8957db1 update pattern matching proposal
• 9da401f add Math.sumPrecise
• 80f1d23 add a fix of Safari { Object, Map }.groupBy bug that does not support itera...
• 5b908c2 add a fix of Safari bug with double call of constructor in Array.fromAsync
• 42627a6 Merge pull request #1336 from zloirock/bump-set-methods
• 61abd15 add Opera Android 82 compat data mapping
• 559081f move new Set methods to stable ES
• 66e55a9 URL.parse added and marked as supported from FF 126
• Additional commits viewable in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates webpack from 4.44.2 to 4.47.0

Release notes

Sourced from webpack's releases.

v4.47.0

New Features

• [Security] - Add support for md4 in Node >=18. by @​iclanton in webpack/webpack#17628

New Contributors

• @​iclanton made their first contribution in webpack/webpack#17628

Full Changelog: https://github.com/webpack/webpack/compare/v4.46.0...v4.47.0

Commits

• dfffd6a 4.47.0
• 7395af8 Merge pull request #17628 from iclanton/webpack4-md4-hash
• 9b50972 Update SplitChunksPlugin to use the updated createHash function.
• 6f6ae98 Add support for md4 in Node >=18.
• 3956274 Merge pull request #13778 from StyleT/feature/custom_externals_for_systemjs_t...
• 1f11600 fix: fixed work of the non-system type externals for "system" library target
• 444e59f 4.46.0
• 758bb25 Merge pull request #12387 from webpack/bugfix/12386
• 79de1a2 enable backward-compatibility for resolve.roots
• ef75c04 Fix filename in azure pipeline
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.