Bump the npm_and_yarn group across 1 directory with 28 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 16 updates in the /frontend directory:

Package	From	To
karma	4.2.0	6.3.16
yargs-parser	11.1.1	13.1.2
protractor	5.4.4	5.4.4
@babel/traverse	7.13.0	7.24.7
@npmcli/git	2.0.6	2.1.0
ansi-regex	5.0.0	5.0.1
ansi-regex	4.1.0	5.0.1
ansi-regex	3.0.0	5.0.1
async	2.6.3	2.6.4
json5	1.0.1	1.0.2
loader-utils	1.2.3	3.2.1
@angular-devkit/build-angular	0.1102.5	18.0.4
follow-redirects	1.13.3	1.15.6
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
jszip	3.6.0	3.10.1
qs	6.5.2	6.5.3
tar	6.1.0	6.2.1

Updates karma from 4.2.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates yargs-parser from 11.1.1 to 13.1.2

Changelog

Sourced from yargs-parser's changelog.

15.0.0 (2019-10-07)

Features

• rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality (ef771ca)

BREAKING CHANGES

• rework collect-unknown-options into unknown-options-as-args, providing more comprehensive functionality

14.0.0 (2019-09-06)

Bug Fixes

• boolean arrays with default values (#185) (7d42572)
• boolean now behaves the same as other array types (#184) (17ca3bd)
• eatNargs() for 'opt.narg === 0' and boolean typed options (#188) (c5a1db0)
• maybeCoerceNumber now takes precedence over coerce return value (#182) (2f26436)
• take into account aliases when appending arrays from config object (#199) (f8a2d3f)

Features

• add configuration option to "collect-unknown-options" (#181) (7909cc4)
• maybeCoerceNumber() now takes into account arrays (#187) (31c204b)

BREAKING CHANGES

• unless "parse-numbers" is set to "false", arrays of numeric strings are now parsed as numbers, rather than strings.
• we have dropped the broken "defaulted" functionality; we would like to revisit adding this in the future.
• maybeCoerceNumber now takes precedence over coerce return value (#182)

13.1.1 (2019-06-10)

Bug Fixes

• convert values to strings when tokenizing (#167) (57b7883)
• nargs should allow duplicates when duplicate-arguments-array=false (#164) (47ccb0b)
• should populate "_" when given config with "short-option-groups" false (#179) (6055974)

13.1.0 (2019-05-05)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Updates protractor from 5.4.4 to 5.4.4

Changelog

Sourced from protractor's changelog.

5.4.4

Fixes

• fix: security prototype pollution

5.4.3

Fixes

fix(index.ts): Fix exports to unbreak TypeScript 3.7 build

5.4.2

Features

• (db1b638) feat(saucelabs): add sauceRegion support for eu datacenters (#5083)

  This change allows user to define the backend region from sauce via the sauceRegion property, e.g.

     sauceUser: process.env.SAUCE_USERNAME,
     sauceKey: process.env.SAUCE_ACCESS_KEY,
     sauceRegion: 'eu',
  

  Will run the test against https://ondemand.eu-central-1.saucelabs.com:443/wd/hub/.

     sauceUser: process.env.SAUCE_USERNAME,
     sauceKey: process.env.SAUCE_ACCESS_KEY,
     sauceRegion: 'us',
  // the default
  sauceUser: process.env.SAUCE_USERNAME,
  sauceKey: process.env.SAUCE_ACCESS_KEY,
  

  Will run the test against https://ondemand.saucelabs.com:443/wd/hub/

Fixes

• (f5dbe13) fix(deps): @​types/node is now a dev dependency

5.4.1

Features

• (7b08083)

... (truncated)

Commits

• See full diff in compare view

Updates @babel/traverse from 7.13.0 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

:bug: Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

:house: Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

:bug: Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

:house: Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

:bug: Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

:house: Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

:bug: Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

:house: Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other
  • #16466 Migrate import assertions syntax (@​JLHwung)

v7.24.5 (2024-04-29)

:bug: Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

:nail_care: Polish

• babel-parser

... (truncated)

Commits

• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• 07bd000 Improve getBindingIdentifiers (#16544)
• 17a5502 [Babel 8] Remove extra.shorthand (#16521)
• 7934963 Use type: module in all package.jsons (#16535)
• 9630250 v7.24.6
• 1f010df Explicitly define NodePath.prototype.* (#16488)
• 6e3539b [babel 8] Publish .d.ts files for every package (#16416)
• e37e64d Use eslint v9 (#16479)
• 3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
• Additional commits viewable in compare view

Updates @npmcli/git from 2.0.6 to 2.1.0

Changelog

Sourced from @​npmcli/git's changelog.

Changelog

5.0.7 (2024-05-04)

Bug Fixes

• fbf9390 #186 linting: no-unused-vars (@​lukekarrys)

Chores

• 3a54aa9 #186 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ea26e3a #186 postinstall for dependabot template-oss PR (@​lukekarrys)
• b7ab170 #184 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

5.0.6 (2024-04-12)

Dependencies

• 683deed #182 [email protected] (#182)

5.0.5 (2024-04-08)

Bug Fixes

• d9bf355 #180 use fs/promises instead of util.promisify (#180) (@​lukekarrys)

5.0.4 (2023-12-19)

Bug Fixes

• c398872 #176 lazy load of which module (#176) (@​thecodrr)

Chores

• 46192f5 #175 postinstall for dependabot template-oss PR (@​lukekarrys)
• 51011f8 #175 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• 8b1d897 #173 postinstall for dependabot template-oss PR (@​lukekarrys)
• 157ed48 #173 bump @​npmcli/template-oss from 4.19.0 to 4.21.1 (@​dependabot[bot])
• 0d06a9f #154 postinstall for dependabot template-oss PR (@​lukekarrys)
• b425d28 #154 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• ecc938a #152 postinstall for dependabot template-oss PR (@​lukekarrys)
• 72430ad #152 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])

5.0.3 (2023-08-30)

Dependencies

• 5d5a6ed #150 bump @​npmcli/promise-spawn from 6.0.2 to 7.0.0

5.0.2 (2023-08-30)

... (truncated)

Commits

• 101abac 2.1.0
• 766de2f Throw custom errors from spawn (#32)
• ef5cfcc 2.0.9
• ab646cf Do not allow git replacement objects by default (#30)
• 94e2543 update tap, test on node 16
• 1ce7b97 2.0.8
• 9fab115 Merge pull request #29 from npm/nlf/no-shell
• f48dc34 chore: run lint as posttest
• e69549f fix: remove path escaping since we do not need it when not using a shell
• 766bfbe fix: do not use a shell for git commands
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for @​npmcli/git since your current version.

Updates ansi-regex from 5.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates ansi-regex from 4.1.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates ansi-regex from 3.0.0 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• See full diff in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates loader-utils from 1.2.3 to 3.2.1

Release notes

Sourced from loader-utils's releases.

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

v3.2.0

3.2.0 (2021-11-11)

Features

• hash uniformity for base digests (451858b)

v3.1.3

3.1.3 (2021-11-04)

Bug Fixes

• crash with md4 hash (#198) (ef084d4)

v3.1.2

3.1.2 (2021-11-04)

Bug Fixes

• bug with unicode characters (#196) (0426405)

v3.1.1

3.1.1 (2021-11-04)

Bug Fixes

• base64 and unicode characters (02b1f3f)

v3.1.0

3.1.0 (2021-10-29)

Features

• added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

v3.0.0

3.0.0 (2021-10-20)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

3.2.0 (2021-11-11)

Features

• hash uniformity for base digests (451858b)

3.1.3 (2021-11-04)

Bug Fixes

• crash with md4 hash (#198) (ef084d4)

3.1.2 (2021-11-04)

Bug Fixes

• bug with unicode characters (#196) (0426405)

3.1.1 (2021-11-04)

Bug Fixes

• base64 and unicode characters (02b1f3f)

3.1.0 (2021-10-29)

Features

• added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

3.0.0 (2021-10-20)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 12.13.0 (93a87ce)
• use xxhash64 by default for [hash]/[contenthash] and getHashDigest API
• [emoji] was removed without replacements, please use custom function if you need this

... (truncated)

Commits

• a3fd3ca chore(release): 3.2.1
• d2d752d fix: ReDoS problem (#224)
• 52cd134 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#209)
• 9fe2381 chore: add .gitattributes for normalizing end of lines - fixes #203 (#204)
• a282654 chore(release): 3.2.0
• f2a524b chore(deps): update (#200)
• 451858b feat: hash uniformity for base digests
• f7dbfe1 chore(release): 3.1.3
• ef084d4 fix: crash with md4 hash (#198)
• 097f5c3 chore(release): 3.1.2
• Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 0.1102.5 to 18.0.4

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v18.0.4

18.0.4 (2024-06-13)

@​angular/build

Commit	Description
	do not reference sourcemaps in web workers and global stylesheet bundles when hidden setting is enabled
	generate module preloads next to script elements in index HTML
	Initiate PostCSS only once
	issue warning when auto adding @angular/localize/init

v18.0.3

18.0.3 (2024-06-05)

@​angular/cli

Commit	Description
	add schema.json options to parsed command, also when a version is passed to ng add <package>@<version>

@​angular/build

Commit	Description
	avoid escaping rebased Sass URL values
	disable JS transformer persistent cache on web containers
	improve Sass rebaser ident token detection
	watch all related files during a Sass error

v18.0.2

18.0.2 (2024-05-29)

@​schematics/angular

Commit	Description
	check both application builder packages in SSR schematic
	set builders assets option correctly for new applications

@​angular/build

Commit	Description
	disable Worker wait loop for Sass compilations in web containers
	print Sass @warn location
	support valid self-closing MathML tags in HTML index file
	support valid self-closing SVG tags in HTML index file

@​angular/pwa

Commit	Description
	set manifest icons location to match assets builder option

v18.0.1

18.0.1 (2024-05-23)

@​sche...

Description has been truncated