Bump the npm_and_yarn group across 8 directories with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 7 updates in the / directory:

Package	From	To
cookie	0.4.1	0.7.0
minimatch	3.1.2	10.0.1
postcss	8.4.33	8.4.34
webpack	5.77.0	5.94.0
xml2js	0.5.0	0.6.0
es5-ext	0.10.53	0.10.64
ws	7.4.6	7.5.10

Bumps the npm_and_yarn group with 3 updates in the /build directory: braces, cross-spawn and @azure/identity.
Bumps the npm_and_yarn group with 2 updates in the /extensions directory: braces and micromatch.
Bumps the npm_and_yarn group with 3 updates in the /extensions/markdown-language-features directory: semver, dompurify and katex.
Bumps the npm_and_yarn group with 1 update in the /extensions/markdown-math directory: katex.
Bumps the npm_and_yarn group with 1 update in the /extensions/notebook-renderers directory: ws.
Bumps the npm_and_yarn group with 3 updates in the /extensions/npm directory: minimatch, braces and micromatch.
Bumps the npm_and_yarn group with 4 updates in the /remote directory: cookie, braces, micromatch and semver.

Updates cookie from 0.4.1 to 0.7.0

Release notes

Sourced from cookie's releases.

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

0.5.0

• Add priority option
• Fix expires option to reject invalid dates
• pref: improve default decode speed
• pref: remove slow string split in parse

0.4.2

• pref: read value only when assigning in parse
• pref: remove unnecessary regexp in parse

Commits

• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• d6f39b0 Fix tests for old node
• 6bb701f Remove failing scorecard
• ca70da4 test(serialize): additional tests for name, domain and path RFC validations (...
• 47917c9 Iterate whitespace for perf (#170)
• 927d48a Add main to package.json (#166)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates minimatch from 3.1.2 to 10.0.1

Changelog

Sourced from minimatch's changelog.

change log

10.0

• Require node 20 or 22 and higher

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

• Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

... (truncated)

Commits

• 0569cd3 10.0.1
• 17d31c7 rollback to brace-expansion 2, for cjs support
• 346685c 10.0.0
• 632e0da modernize, drop old node versions
• 0de7f45 9.0.5
• d16b95c whitespace formatting
• f09ab67 fix: duplicated patterns in second phase preprocess loop
• d5ef89f docs: Fix typo
• cb4be48 9.0.4
• c091ce2 build with tshy, update tap
• Additional commits viewable in compare view

Updates postcss from 8.4.33 to 8.4.34

Release notes

Sourced from postcss's releases.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

Changelog

Sourced from postcss's changelog.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

Commits

• 477b3bb Release 8.4.34 version
• 25af117 Update dependencies
• bb0314a Merge pull request #1922 from tim-we/improve-at-rule-types
• 9dd5a93 Fix at-rule test
• 8322d11 Fix visitor test
• ee7fcd4 Fix Document#nodes
• 5e7dde7 Remove whitespaces
• 8fda920 Add unit test
• b787a64 Remove whitespaces
• e288c8d Update AtRule#nodes documentation
• Additional commits viewable in compare view

Updates webpack from 5.77.0 to 5.94.0

Release notes

Sourced from webpack's releases.

v5.94.0

Bug Fixes

• Added runtime condition for harmony reexport checked
• Handle properly data/http/https protocols in source maps
• Make bigint optimistic when browserslist not found
• Move @​types/eslint-scope to dev deps
• Related in asset stats is now always an array when no related found
• Handle ASI for export declarations
• Mangle destruction incorrect with export named default properly
• Fixed unexpected asi generation with sequence expression
• Fixed a lot of types

New Features

• Added new external type "module-import"
• Support webpackIgnore for new URL() construction
• [CSS] @import pathinfo support

Security

• Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

• Generate correct relative path to runtime chunks
• Makes DefinePlugin quieter under default log level
• Fixed mangle destructuring default in namespace import
• Fixed consumption of eager shared modules for module federation
• Strip slash for pretty regexp
• Calculate correct contenthash for CSS generator options

New Features

• Added the binary generator option for asset modules to explicitly keep source maps produced by loaders
• Added the modern-module library value for tree shakable output
• Added the overrideStrict option to override strict or non-strict mode for javascript modules

v5.92.1

Bug Fixes

• Doesn't crash with an error when the css experiment is enabled and contenthash is used

v5.92.0

Bug Fixes

• Correct tidle range's comutation for module federation
• Consider runtime for pure expression dependency update hash
• Return value in the subtractRuntime function for runtime logic

... (truncated)

Commits

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• Additional commits viewable in compare view

Updates xml2js from 0.5.0 to 0.6.0

Commits

• 0e29f0e Release new version
• a25035c Remove old unused files
• 1de4688 Merge pull request #680 from Leonidas-from-XIV/zap-dependency-fix
• 3b97ae5 Merge pull request #681 from Leonidas-from-XIV/cve-compat-fix
• 167a385 Fix zap to be the original dependency
• 5f6620f Compile changed coffeescript code
• 044cfe5 Undo API changes from #603
• 7292aa9 fix: include missed key check
• 4c8ec89 fix: revert incorrectly adapted code
• ad3a297 refactor: extract function for key check
• Additional commits viewable in compare view

Updates es5-ext from 0.10.53 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates terser from 5.7.1 to 5.36.0

Changelog

Sourced from terser's changelog.

v5.36.0

• Support import attributes with syntax

v5.35.0

• Ensure parent directory exists when using --output on CLI (#1530)

v5.34.1

• bump the rollup devDependency to disable CVE warnings (Terser was not affected)

v5.34.0

• internal: stop assigning properties to objects they don't belong in
• internal: run compress tests in parallel
• drop_console: emit an empty function if the return value of console.METHOD(...) may be called.

v5.33.0

• reduce_vars improved when dealing with hoisted function definitions (#1544)

v5.32.0

• import("module") can now be input and output from ESTree AST (#1557)
• BigInt literals can now be input and output from ESTree AST (#1555)
• typeof an object or array (typeof {} and typeof []) can now be statically evaluated. (#1546)

v5.31.6

• Retain side effects in a case when the expression is a sequence (comma) expression

v5.31.5

• Revert v5.31.4, which created mysterious issues #1548, #1549

v5.31.4 (reverted)

• drop_unused: drop classes which only have side effects in the extends part

v5.31.3

• drop_unused: drop unused parameters from IIFEs in some more situations.

v5.31.2

• drop_unused: scan variables in self-referential class declarations that contain side effects.
• Don't add parens to arrow function when it's the default for an argument (#1540)
• Update domprops (#1538)

v5.31.1

• Allow drop-unused to drop the whole assignment (not just the assigned name) in more situations, in order to avoid duplication of long strings.

v5.31.0

• Sync up property mangler exceptions with current contents of Firefox and Chrome environments

... (truncated)

Commits

• 0d8891d 5.36.0
• b0ce144 update changelog
• cf3d3e9 support import attributes with syntax. Closes #1529
• 070a8ad update changelog
• cee00a8 5.35.0
• 142f56a Ensure parent directory exists when using --output on CLI (#1530)
• 97f9619 test pull requests
• 2a964a6 create an environment variable override to skip using test workers
• 1ae9c77 fix(deps): update dependency acorn to v8.13.0 (#1566)
• 107c77a fix typo in property name (#1562)
• Additional commits viewable in compare view

Updates ws from 7.4.6 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

• Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

• Backported 0fdcc0af to the 7.x release line (2758ed35).
• Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

• Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

• Backported b8186dd1 to the 7.x release line (73dec34b).
• Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

• Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

• Backported 6a72da3e to the 7.x release line (76087fbf).
• Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

• The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
• Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
• Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 8a78f87 [dist] 7.5.9
• 0435e6e [security] Fix same host check for ws+unix: redirects
• 4271f07 [dist] 7.5.8
• dc1781b [security] Drop sensitive headers when following insecure redirects
• 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
• a370613 [dist] 7.5.7
• 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
• 8ecd890 [dist] 7.5.6
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates @azure/identity from 3.4.1 to 4.2.1

Commits

• 183d301 Upgrade to a version ESRP Release that supports federated auth (#29612)
• 9a2afdf [identity] Prep for release (#29981)
• 3caf203 [identity] Prepare identity for May release (#29441)
• 0a69729 [core] CHANGELOG date for @​azure-rest/core-client release (#29440)
• 88d244a Sync eng/common directory with azure-sdk-tools for PR 8158 (#29423)
• 7706373 [template-dpg] Suppress build failure (#29437)
• 769c1b1 [EngSys] Update name of @​azure-tools/test-utils NO_CI
• 8cd5bc2 [core] New multipart/form-data primitive in core-client-rest (#29047)
• 73b9faa [identity] Add changelog entry for MSALClient migration (#29419)
• b8e63a5 Post release automated changes for notificationhubs releases (#29431)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @​azure/identity since your current version.

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates semver from 7.5.4 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)

... (truncated)

Commits

• 0a12d6c chore: release 7.6.3 (#720)
• 73a3d79 fix: optimize Range parsing and formatting (#726)
• 2975ece docs: fix extra backtick typo (#719)
• eb1380b chore: release 7.6.2 (#714)
• 6466ba9 fix(lru): use map.delete() directly (#713)
• d777418 chore: release 7.6.1 (#706)
• 988a8de deps: uninstall lru-cache (