Bump the npm_and_yarn group across 1 directory with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 6 updates in the / directory:

Package	From	To
@actions/core	1.1.1	1.9.1
semver	7.3.2	7.5.2
ansi-regex	3.0.0	3.0.1
flat	4.1.0	5.0.2
mocha	8.0.1	8.4.0
node-fetch	2.6.0	2.7.0

Updates @actions/core from 1.1.1 to 1.9.1

Changelog

Sourced from @​actions/core's changelog.

1.9.1

• Randomize delimiter when calling core.exportVariable

1.9.0

• Added toPosixPath, toWin32Path and toPlatformPath utilities #1102

1.8.2

• Update to v2.0.1 of @actions/http-client #1087

1.8.1

• Update to v2.0.0 of @actions/http-client

1.8.0

• Deprecate markdownSummary extension export in favor of summary
  • actions/toolkit#1072
  • actions/toolkit#1073

1.7.0

• Added markdownSummary extension

1.6.0

• Added OIDC Client function getIDToken
• Added file parameter to AnnotationProperties

1.5.0

• Added support for notice annotations and more annotation fields

1.4.0

• Added the getMultilineInput function

1.3.0

• Added the trimWhitespace option to getInput
• Added the getBooleanInput function

1.2.7

• Prepend newline for set-output

1.2.6

• Update exportVariable and addPath to use environment files

1.2.5

• Correctly bundle License File with package

1.2.4

• Be more lenient in accepting non-string command inputs
• Add Echo commands

1.2.3

• IsDebug logging

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by thboop, a new releaser for @​actions/core since your current version.

Updates semver from 7.3.2 to 7.5.2

Release notes

Sourced from semver's releases.

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #537 reuse comparators on subset (#537) (@​H4ad)
• f66cc45 #539 faster diff (#539) (@​H4ad)

Documentation

• c5d29df #530 Add "Constants" section to README (@​hcharley)

7.3.8 (2022-10-04)

Bug Fixes

... (truncated)

Commits

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @​npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

• f545bdb 3.0.1
• c57d4c2 fix a few old XO issues for backport
• 419250f Fix potential ReDoS (#37)
• See full diff in compare view

Updates flat from 4.1.0 to 5.0.2

Commits

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by timoxley, a new releaser for flat since your current version.

Updates mocha from 8.0.1 to 8.4.0

Release notes

Sourced from mocha's releases.

v8.4.0

8.4.0 / 2021-05-07

🎉 Enhancements

• #4502: CLI file parsing errors now have error codes (@​evaline-ju)

🐛 Fixes

• #4614: Watch: fix crash when reloading files (@​outsideris)

📖 Documentation

• #4630: Add options.require to Mocha constructor for root hook plugins on parallel runs (@​juergba)
• #4617: Dynamically generating tests with top-level await and ESM test files (@​juergba)
• #4608: Update default file extensions (@​outsideris)

Also thanks to @​outsideris for various improvements on our GH actions workflows.

v8.3.2

8.3.2 / 2021-03-12

🐛 Fixes

• #4599: Fix regression in require interface (@​alexander-fenster)

📖 Documentation

• #4601: Add build to GH actions run (@​christian-bromann)
• #4596: Filter active sponsors/backers (@​juergba)
• #4225: Update config file examples (@​pkuczynski)

v8.3.1

8.3.1 / 2021-03-06

🐛 Fixes

• #4577: Browser: fix EvalError caused by regenerator-runtime (@​snoack)
• #4574: ESM: allow import from mocha in parallel mode (@​nicojs)

v8.3.0

8.3.0 / 2021-02-11

🎉 Enhancements

• #4506: Add error code for test timeout errors (@​boneskull)
• #4112: Add BigInt support to stringify util function (@​JosejeSinohui)

🐛 Fixes

... (truncated)

Changelog

Sourced from mocha's changelog.

8.4.0 / 2021-05-07

🎉 Enhancements

• #4502: CLI file parsing errors now have error codes (@​evaline-ju)

🐛 Fixes

• #4614: Watch: fix crash when reloading files (@​outsideris)

📖 Documentation

• #4630: Add options.require to Mocha constructor for root hook plugins on parallel runs (@​juergba)
• #4617: Dynamically generating tests with top-level await and ESM test files (@​juergba)
• #4608: Update default file extensions (@​outsideris)

Also thanks to @​outsideris for various improvements on our GH actions workflows.

8.3.2 / 2021-03-12

🐛 Fixes

• #4599: Fix regression in require interface (@​alexander-fenster)

📖 Documentation

• #4601: Add build to GH actions run (@​christian-bromann)
• #4596: Filter active sponsors/backers (@​juergba)
• #4225: Update config file examples (@​pkuczynski)

8.3.1 / 2021-03-06

🐛 Fixes

• #4577: Browser: fix EvalError caused by regenerator-runtime (@​snoack)
• #4574: ESM: allow import from mocha in parallel mode (@​nicojs)

8.3.0 / 2021-02-11

🎉 Enhancements

• #4506: Add error code for test timeout errors (@​boneskull)
• #4112: Add BigInt support to stringify util function (@​JosejeSinohui)

🐛 Fixes

• #4557: Add file location when SyntaxError happens in ESM (@​giltayar)
• #4521: Fix require error when bundling Mocha with Webpack (@​devhazem)

📖 Documentation

... (truncated)

Commits

• 5064c28 Release v8.4.0
• 9cbcc8b update CHANGELOG for v8.4.0 [ci skip]
• 0079ae7 Change CLI file parsing errors to use an error code (#4502)
• d35eb9d docs: add "options.require" to Mocha constructor (#4630) [ci skip]
• 908aa05 GH actions: add Node v16 (#4629)
• 8285910 Watch for test files are crashed (#4614)
• 34643e4 Run browser tests on forked PRs by a dedicated label (#4616)
• 8a2da76 docs: dynamic tests with top-level await (#4617) [ci skip]
• d7ed5c2 Remove unused test.retries(n) (#4611)
• a41f18a GH actions: stale workflow (#4613) [ci skip]
• Additional commits viewable in compare view

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates serialize-javascript from 3.0.0 to 5.0.1

Release notes

Sourced from serialize-javascript's releases.

v5.0.1

Changelog

• Exclude .vscode and .github directories from package (#97)

v5.0.0

Changelog

• Bump mocha from 8.1.2 to 8.1.3 (#96)
• Support sparse arrays (#95)
• Bump mocha from 8.1.1 to 8.1.2 (#94)
• Bump mocha from 8.1.0 to 8.1.1 (#92)
• Create Dependabot config file (#91)
• Bump mocha from 8.0.1 to 8.1.0 (#90)
• Bump lodash from 4.17.15 to 4.17.19 (#89)
• Bump mocha from 7.2.0 to 8.0.1 (#88)

Behavior changes for sparse arrays

It serializes sparse arrays as follows since this version. The result of serialization may be changed if you are passing sparse arrays values into the serialize-javascript.

const serialize = require('serialize-javascript');
var a = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10];
delete a[0];
a.length = 3;
a[5] = 'wat';
serialize(a) // 'Array.prototype.slice.call({"1":2,"2":3,"5":"wat","length":6})'

---

Thank you @​victorporof for this release.

v4.0.0

Changelog

• Bump nyc from 15.0.1 to 15.1.0 (#85)
• support for bigint (#80)

Behavior changes for BigInt

It serializes BigInt values as follows since this version. The result of serialization may be changed if you are passing BigInt values into the serialize-javascript.

v4.x:

const serialize = require('serialize-javascript');
serialize({big: BigInt('10')}); // '{"big":BigInt("10")}'

v3.x:

... (truncated)

Commits

• 8eb19aa v5.0.1
• d17bcb2 Exclude .vscode and .github directories from package (#97)
• 282a3b8 v5.0.0
• 13feb10 Bump mocha from 8.1.2 to 8.1.3 (#96)
• 96431aa Support sparse arrays (#95)
• d4bed9c Bump mocha from 8.1.1 to 8.1.2 (#94)
• 704a483 Bump mocha from 8.1.0 to 8.1.1 (#92)
• 776a081 Create Dependabot config file (#91)
• ccff78b Bump mocha from 8.0.1 to 8.1.0 (#90)
• 89eded4 Bump lodash from 4.17.15 to 4.17.19 (#89)
• Additional commits viewable in compare view

Updates y18n from 4.0.0 to 5.0.8

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

• release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

• security: ensure entry exists for backport (#120) (b22c0df)

Changelog

Sourced from y18n's changelog.

5.0.8 (2021-04-07)

Bug Fixes

• deno: force modern release for Deno (b1c215a)

5.0.7 (2021-04-07)

Bug Fixes

• deno: force release for deno (#121) (d3f2560)

5.0.6 (2021-04-05)

Bug Fixes

• webpack: skip readFileSync if not defined (#117) (6966fa9)

5.0.5 (2020-10-25)

Bug Fixes

• address prototype pollution issue (#108) (a9ac604)

5.0.4 (2020-10-16)

Bug Fixes

• exports: node 13.0 and 13.1 require the dotted object form with a string fallback (#105) (4f85d80)

5.0.3 (2020-10-16)

Bug Fixes

• exports: node 13.0-13.6 require a string fallback (#103) (e39921e)

5.0.2 (2020-10-01)

Bug Fixes

• deno: update types for deno ^1.4.0 (#100) (3834d9a)

5.0.1 (2020-09-05)

... (truncated)

Commits

• 58a9a3c chore: release 5.0.8 (#129)
• b1c215a fix(deno): force modern release for Deno
• e73fb19 chore: release 5.0.7 (#123)
• d3f2560 fix(deno): force release for deno (#121)
• e9fda61 chore: release 5.0.6 (#118)
• 6966fa9 fix(webpack): skip readFileSync if not defined (#117)
• c755582 docs: add entry for v4.0.1 (#114)
• 2d4c56c chore(deps): update dependency standardx to v6 (#110)
• b64ae70 chore: release 5.0.5 (#109)
• a9ac604 fix: address prototype pollution issue (#108)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.