bump: npm_and_yarn group across 2 directories with 15 updates

[dependabot]

#minor

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
zod	3.22.4	3.22.5
node-fetch	2.6.7	3.3.2
minimatch	4.2.3	5.0.0
ws	7.4.6	8.17.0
@types/ws	6.0.4	8.5.10
elliptic	6.5.3	6.5.5
find-my-way	2.2.4	2.2.5
highlight.js	10.3.2	10.7.3
hosted-git-info	2.8.8	2.8.9
ini	1.3.5	1.3.8
postcss	8.4.31	8.4.38
ssri	6.0.1	6.0.2
y18n	3.2.1	3.2.2

Bumps the npm_and_yarn group with 7 updates in the /testing/browser-functional/browser-echo-bot directory:

Package	From	To
ws	6.2.1	6.2.2
elliptic	6.5.3	6.5.5
ini	1.3.5	1.3.8
path-parse	1.0.6	1.0.7
ssri	6.0.1	6.0.2
y18n	4.0.0	4.0.3
dns-packet	1.3.1	1.3.4

Updates zod from 3.22.4 to 3.22.5

Commits

• See full diff in compare view

Updates node-fetch from 2.6.7 to 3.3.2

Release notes

Sourced from node-fetch's releases.

v3.3.2

3.3.2 (2023-07-25)

Bug Fixes

• Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473

v3.3.1

3.3.1 (2023-03-11)

Bug Fixes

• release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

v3.3.0

3.3.0 (2022-11-10)

Features

• add static Response.json (#1670) (55a4870)

v3.2.10

3.2.10 (2022-07-31)

Bug Fixes

• ReDoS referrer (#1611) (2880238)

v3.2.9

3.2.9 (2022-07-18)

Bug Fixes

• Headers: don't forward secure headers on protocol change (#1599) (e87b093)

v3.2.8

3.2.8 (2022-07-12)

Bug Fixes

• possibly flaky test (#1523) (11b7033)

... (truncated)

Commits

• 8b3320d fix: Remove the default connection close header. (#1736)
• 7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
• 8ced5b9 docs: readme - non ESM example (#1707)
• 71e376b ci(release): use latest Node LTS (#1697)
• e093030 Allow URL class object as an argument for fetch() (#1696)
• 55a4870 feat: add static Response.json (#1670)
• c071406 (1138) - Fixed HTTPResponseError with correct constructor and usage (#1666)
• 6f72caa docs: fix missing comma in example (#1623)
• 2880238 fix: ReDoS referrer (#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (#1599)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates minimatch from 4.2.3 to 5.0.0

Changelog

Sourced from minimatch's changelog.

change log

9.0

• No default export, only named exports.

8.0

• Recursive descent parser for extglob, allowing correct support for arbitrarily nested extglob expressions
• Bump required Node.js version

7.4

• Add escape() method
• Add unescape() method
• Add Minimatch.hasMagic() method

7.3

• Add support for posix character classes in a unicode-aware way.

7.2

• Add windowsNoMagicRoot option

7.1

• Add optimizationLevel configuration option, and revert the default back to the 6.2 style minimal optimizations, making the advanced transforms introduced in 7.0 opt-in. Also, process provided file paths in the same way in optimizationLevel:2 mode, so most things that matched with optimizationLevel 1 or 0 should match with level 2 as well. However, level 1 is the default, out of an abundance of caution.

7.0

• Preprocess patterns to simplify complicated patterns and reduce out .. pattern portions where possible. Note that this means a pattern like a/b/../* will be equivalent to a/*, and will not match the string a/b/../c. If this causes problems, it can be addressed in a patch release by resolving .. portions in the test string.

6.2

• Add nocaseMagicOnly flag

6.1

... (truncated)

Commits

• fc44f5f 5.0.0
• 9104d8d Expect exclusively forward slash as path sep, same as node-glob
• 58b72d3 fix(brace-expansion): ignore only blocks that begins with $
• ddfacbd update brace-expansion
• 55ed736 update package scripts and deps
• See full diff in compare view

Updates ws from 7.4.6 to 8.17.0

Release notes

Sourced from ws's releases.

8.17.0

Features

• The WebSocket constructor now accepts the createConnection option (#2219).

Other notable changes

• The default value of the allowSynchronousEvents option has been changed to true (#2221).

This is a breaking change in a patch release. The assumption is that the option is not widely used.

8.16.0

Features

• Added the autoPong option (01ba54ed).

8.15.1

Notable changes

• The allowMultipleEventsPerMicrotask option has been renamed to allowSynchronousEvents (4ed7fe58).

This is a breaking change in a patch release that could have been avoided with an alias, but the renamed option was added only 3 days ago, so hopefully it hasn't already been widely used.

8.15.0

Features

• Added the allowMultipleEventsPerMicrotask option (93e3552e).

8.14.2

Bug fixes

• Fixed an issue that allowed errors thrown by failed assertions to be swallowed when running tests (7f4e1a75).

8.14.1

Bug fixes

• Improved the reliability of two tests for CITGM (fd3c64cb).

8.14.0

Features

• The WebSocket constructor now accepts HTTP(S) URLs (#2162).

... (truncated)

Commits

• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• 2aa0405 [minor] Fix nits
• 53a8888 [feature] Allow the createConnection option (#2219)
• b119b41 [pkg] Update eslint to version 9.0.0
• 2405c17 [doc] Add punctuation for readability (#2213)
• Additional commits viewable in compare view

Updates @types/ws from 6.0.4 to 8.5.10

Commits

• See full diff in compare view

Updates elliptic from 6.5.3 to 6.5.5

Commits

• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
• See full diff in compare view

Updates find-my-way from 2.2.4 to 2.2.5

Release notes

Sourced from find-my-way's releases.

v2.2.5

Fixes:

• Enable versioning on demand - #172 This fix disables the automatic route versioning unless a user has configured at least once a route with the version option.

Commits

• b846810 Bumped v2.2.5
• 264a688 Bumped v2.2.4
• 771d019 Standard
• 0118ab6 Enable versioning on demand (#172)
• See full diff in compare view

Updates highlight.js from 10.3.2 to 10.7.3

Release notes

Sourced from highlight.js's releases.

10.7.3

• fix(parser) Resolves issue with missing TypeScript property Jacob Swanner

No other changes.

Version 10.7.2

This is a patch release. The only change is that deprecation messages are throttled and shown only once.

• (chore) throttle deprecation messages (#3092) Mihkel Eidast

10.7.1 - Spring Edition

This .1 patch release fixes an issue with the TypeScript typing info in 10.7.0.

Release notes from 10.7.0

Parser:

• enh(api) add unregisterLanguage method (#3009) [Antoine du Hamel][]
• enh: Make alias registration case insensitive (#3026) [David Ostrovsky][]
• fix(parser) highlightAll() now works if the library is lazy loaded [Josh Goebel][]

New Languages:

• Added 3rd party RiScript grammar to SUPPORTED_LANGUAGES (#2988) [John C][]
• Added 3rd party HLSL grammar to SUPPORTED_LANGUAGES (#3002) [Stef Levesque][]
• Added 3rd party Q# grammar to SUPPORTED_LANGUAGES(#3006) [Vyron Vasileiadis][]

Language grammar improvements:

• fix(python) allow keywords immediately following numbers (#2985) [Josh Goebel][]
• fix(xml) char immediately following tag close mis-highlighted (#3044) [Josh Goebel][]
• fix(ruby) fix defined?() mis-highlighted as def (#3025) [Josh Goebel][]
• fix(c) comments after #include <str> blocks (#3041) [Josh Goebel][]
• fix(cpp) comments after #include <str> blocks (#3041) [Josh Goebel][]
• enh(cpp) Highlight all function dispatches (#3005) [Josh Goebel][]
• enh(python) support type hints and better type support (#2972) [Josh Goebel][]
• enh(gml) Add additional GML 2.3 keywords (#2984) [xDGameStudios][]
• fix(cpp) constructor support for initializers (#3001) [Josh Goebel][]
• enh(php) Add trait to class-like naming patterns (#2997) [Ayesh][]
• enh(php) Add Stringable, UnhandledMatchError, and WeakMap classes/interfaces (#2997) [Ayesh][]
• enh(php) Add mixed to list of keywords (#2997) [Ayesh][]
• enh(php) Add support binary, octal, hex and scientific numerals with underscore separator support (#2997) [Ayesh][]
• enh(php) Add support for Enums (#3004) [Ayesh][]
• enh(ecmascript) Add built-in types [Vaibhav Chanana][]
• enh(kotlin) Add kts as an alias for Kotlin (#3021) [Vaibhav Chanana][]

... (truncated)

Changelog

Sourced from highlight.js's changelog.

Version 10.7.3

• fix(parser) Resolves issue with missing TypeScript property Jacob Swanner

Version 10.7.2

This is a patch release. The only change is that deprecation messages are throttled and shown only once.

• (chore) throttle deprecation messages (#3092) Mihkel Eidast

Version 10.7.1

• fix(parser) Resolves issues with TypeScript types [Josh Goebel][]

Version 10.7.0

Parser:

• enh(api) add unregisterLanguage method (#3009) [Antoine du Hamel][]
• enh: Make alias registration case insensitive (#3026) [David Ostrovsky][]
• fix(parser) highlightAll() now works if the library is lazy loaded [Josh Goebel][]

New Languages:

• Added 3rd party RiScript grammar to SUPPORTED_LANGUAGES (#2988) [John C][]
• Added 3rd party HLSL grammar to SUPPORTED_LANGUAGES (#3002) [Stef Levesque][]
• Added 3rd party Q# grammar to SUPPORTED_LANGUAGES(#3006) [Vyron Vasileiadis][]

Language grammar improvements:

• fix(python) allow keywords immediately following numbers (#2985) [Josh Goebel][]
• fix(xml) char immediately following tag close mis-highlighted (#3044) [Josh Goebel][]
• fix(ruby) fix defined?() mis-highlighted as def (#3025) [Josh Goebel][]
• fix(c) comments after #include <str> blocks (#3041) [Josh Goebel][]
• fix(cpp) comments after #include <str> blocks (#3041) [Josh Goebel][]
• enh(cpp) Highlight all function dispatches (#3005) [Josh Goebel][]
• enh(python) support type hints and better type support (#2972) [Josh Goebel][]
• enh(gml) Add additional GML 2.3 keywords (#2984) [xDGameStudios][]
• fix(cpp) constructor support for initializers (#3001) [Josh Goebel][]
• enh(php) Add trait to class-like naming patterns (#2997) [Ayesh][]
• enh(php) Add Stringable, UnhandledMatchError, and WeakMap classes/interfaces (#2997) [Ayesh][]
• enh(php) Add mixed to list of keywords (#2997) [Ayesh][]
• enh(php) Add support binary, octal, hex and scientific numerals with underscore separator support (#2997) [Ayesh][]

... (truncated)

Commits

• 0c4cc8a (chore) release 10.7.3
• d38b332 fix(parser) Resolve issue with missing TS property (#3225)
• 00233d6 (chore) release 10.7.2
• 4630cde (chore) throttle deprecation messages (#3092)
• 421b23b (chore) fix TS issue, bump 10.7.1
• 7ec45af (chore) bump version to 10.7.0
• bfb5a59 enh(parser) new highlight() API (#3053)
• 6f24850 (cleanup) better boolean naming
• 695ff64 (chore) add shebang for build script
• 23ae72c (chore) rename master branch to main
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by highlightjs_bot, a new releaser for highlight.js since your current version.

Updates hosted-git-info from 2.8.8 to 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates postcss from 8.4.31 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by @​romainmenke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

Changelog

Sourced from postcss's changelog.

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

8.4.33

• Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
• Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

Commits

• a69d45e Release 8.4.38 version
• 64e35d9 Update dependencies
• c1ad8fb Merge pull request #1932 from romainmenke/fix-warning-end-index--inventive-nu...
• b45e7e9 fix endIndex
• 1bea246 failing test: for endIndex 0 in rangeBy
• 0fd1d86 Add changelog auto release on Github
• 49c906e Release 8.4.37 version
• b5bd92c Fix another broken prev source map issue
• 2882039 Update dependencies
• e5ad939 Release 8.4.36 version
• Additional commits viewable in compare view

Updates ssri from 6.0.1 to 6.0.2

Changelog

Sourced from ssri's changelog.

6.0.2 (2021-04-07)

Bug Fixes

• backport regex change from 8.0.1 (b30dfdb), closes #19

Commits

• b7c8c7c chore(release): 6.0.2
• b30dfdb fix: backport regex change from 8.0.1
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for ssri since your current version.

Updates y18n from 3.2.1 to 3.2.2

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

• release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

• security: ensure entry exists for backport (#120) (b22c0df)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Updates ws from 6.2.1 to 6.2.2

Release notes

Sourced from ws's releases.

8.17.0

Features

• The WebSocket constructor now accepts the createConnection option (#2219).

Other notable changes

• The default value of the allowSynchronousEvents option has been changed to true (#2221).

This is a breaking change in a patch release. The assumption is that the option is not widely used.

8.16.0

Features

• Added the autoPong option (01ba54ed).

8.15.1

Notable changes

• The allowMultipleEventsPerMicrotask option has been renamed to allowSynchronousEvents (4ed7fe58).

This is a breaking change in a patch release that could have been avoided with an alias, but the renamed option was added only 3 days ago, so hopefully it hasn't already been widely used.

8.15.0

Features

• Added the allowMultipleEventsPerMicrotask option (93e3552e).

8.14.2

Bug fixes

• Fixed an issue that allowed errors thrown by failed assertions to be swallowed when running tests (7f4e1a75).

8.14.1

Bug fixes

• Improved the reliability of two tests for CITGM (fd3c64cb).

8.14.0

Features

• The WebSocket constructor now accepts HTTP(S) URLs (#2162).

... (truncated)

Commits

• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• 2aa0405 [minor] Fix nits
• 53a8888 [feature] Allow the createConnection option (#2219)
• b119b41 [pkg] Update eslint to version 9.0.0
• 2405c17 [doc] Add punctuation for readability (#2213)
• Additional commits viewable in compare view

Updates elliptic from 6.5.3 to 6.5.5

Commits

• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
• See full diff in compare view

Updates ini from 1.3.5 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates path-parse from 1.0.6 to 1.0.7

Commits

• See full diff in compare view

Updates ssri from 6.0.1 to 6.0.2

Changelog

Sourced from ssri's changelog.

6.0.2 (2021-04-07)

Bug Fixes

• backport regex change from 8.0.1 (b30dfdb), closes #19

Commits

• b7c8c7c chore(release): 6.0.2
• b30dfdb fix: backport regex change from 8.0.1
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for ssri since your current version.

Updates y18n from 4.0.0 to 4.0.3

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

• release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

• security: ensure entry exists for backport (#120) (b22c0df)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Updates dns-packet from 1.3.1 to 1.3.4

Commits

• ebdf849 1.3.4
• ac57872 move all allocUnsafes to allocs for easier maintenance
• c64c950 1.3.3
• 0598ba1 fix .. in encodingLength
• 010aedb 1.3.2
• 0d0d593 backport encodingLength fix to v1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[tracyboehrer]

@JhontSouth There is def something breaking in what dependabot is updating to. I resolved a couple things. Not enough.

[JhontSouth]

Hi @tracyboehrer,
The error that is being triggered in these pipelines is due to node-fetch, which is pure ESM with versions greater than 2.6.7.
We tried to apply these upgrades but they're incompatible with botbuilder-js, they come with TS compatibility errors in the consumer or compat pipelines, some of them are pure ESM, and others have breaking changes with the method responses and parameters.
Other packages are subdependencies, then their upgrades can't be applied directly.