Bump lodash and postcss-selector-parser in /data/web_step

[dependabot]

Removes lodash. It's no longer used after updating ancestor dependency postcss-selector-parser. These dependencies need to be updated together.

Removes lodash

Updates postcss-selector-parser from 5.0.0-rc.3 to 5.0.0

Release notes

Sourced from postcss-selector-parser's releases.

5.0.0

Summary of Changes

• The way a descendent combinator that isn't a single space character (E.g. .a .b) is stored in the AST has changed.
• Named Combinators (E.g. .a /for/ .b) are now properly parsed as a combinator.
• It is now possible to look up a node based on the source location of a character in that node and to query nodes if they contain some character.
• Several bug fixes that caused the parser to hang and run out of memory when a / was encountered have been fixed.
• The minimum supported version of Node is now v6.0.0.

Changes to the Descendent Combinator

In prior releases, the value of a descendant combinator with multiple spaces included all the spaces.

• .a .b: Extra spaces are now stored as space before.
  • Old & Busted:
    • combinator.value === " "
  • New hotness:
    • combinator.value === " " && combinator.spaces.before === " "
• .a /*comment*/.b: A comment at the end of the combinator causes extra space to become after space.
  • Old & Busted:
    • combinator.value === " "
    • combinator.raws.value === " /*comment/"
  • New hotness:
    • combinator.value === " "
    • combinator.spaces.after === " "
    • combinator.raws.spaces.after === " /*comment*/"
• .a<newline>.b: whitespace that doesn't start or end with a single space character is stored as a raw value.
  • Old & Busted:
    • combinator.value === "\n"
    • combinator.raws.value === undefined
  • New hotness:
    • combinator.value === " "
    • combinator.raws.value === "\n"

Support for "Named Combinators"

Although, nonstandard and unlikely to ever become a standard, combinators like /deep/ and /for/ are now properly supported.

Because they've been taken off the standardization track, there is no spec-official name for combinators of the form /<ident>/. However, I talked to Tab Atkins and we agreed to call them "named combinators" so now they are called that.

Before this release such named combinators were parsed without intention and generated three nodes of type "tag" where the first and last nodes had a value of "/".

• .a /for/ .b is parsed as a combinator.
  • Old & Busted:
    • root.nodes[0].nodes[1].type === "tag"
    • root.nodes[0].nodes[1].value === "/"
  • New hotness:
    • root.nodes[0].nodes[1].type === "combinator"
    • root.nodes[0].nodes[1].value === "/for/"
• .a /F\6fR/ .b escapes are handled and uppercase is normalized.

... (truncated)

Changelog

Sourced from postcss-selector-parser's changelog.

5.0.0

• Allow escaped dot within class name.
• Update PostCSS to 7.0.7 (patch)

5.0.0-rc.4

• Fixed an issue where comments immediately after an insensitive (in attribute) were not parsed correctly.
• Updated cssesc to 2.0.0 (major).
• Removed outdated integration tests.
• Added tests for custom selectors, tags with attributes, the universal selector with pseudos, and tokens after combinators.

5.0.0-rc.1

To ease adoption of the v5.0 release, we have relaxed the node version check performed by npm at installation time to allow for node 4, which remains officially unsupported, but likely to continue working for the time being.

5.0.0-rc.0

This release has BREAKING CHANGES that were required to fix regressions in 4.0.0 and to make the Combinator Node API consistent for all combinator types. Please read carefully.

Summary of Changes

• The way a descendent combinator that isn't a single space character (E.g. .a .b) is stored in the AST has changed.
• Named Combinators (E.g. .a /for/ .b) are now properly parsed as a combinator.
• It is now possible to look up a node based on the source location of a character in that node and to query nodes if they contain some character.
• Several bug fixes that caused the parser to hang and run out of memory when a / was encountered have been fixed.
• The minimum supported version of Node is now v6.0.0.

Changes to the Descendent Combinator

In prior releases, the value of a descendant combinator with multiple spaces included all the spaces.

• .a .b: Extra spaces are now stored as space before.
  • Old & Busted:
    • combinator.value === " "
  • New hotness:
    • combinator.value === " " && combinator.spaces.before === " "
• .a /*comment*/.b: A comment at the end of the combinator causes extra space to become after space.
  • Old & Busted:
    • combinator.value === " "
    • combinator.raws.value === " /*comment/"
  • New hotness:
    • combinator.value === " "

... (truncated)

Commits

• b47e255 5.0.0
• 3838c63 Update API.md processor example
• dec5d31 Update PostCSS to 7.0.7 (patch)
• 5ad61d6 Allow escaped dot within class name
• c6e79b4 5.0.0-rc.4
• 23d702b chore: remove outdated integration tests
• 0d573ed test: custom selectors
• 4f44148 test: tag with attribute
• 63996af test: universal selector with pseudo
• ce4f3ca Update dependencies
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonathantneal, a new releaser for postcss-selector-parser since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.