Bump the npm_and_yarn group across 1 directory with 20 updates

[dependabot]

Bumps the npm_and_yarn group with 16 updates in the / directory:

Package	From	To
@openzeppelin/contracts	3.4.1	4.9.6
@babel/traverse	7.12.13	``
@truffle/db	0.5.19	0.5.59
debug	2.6.9	4.3.4
truffle	5.3.14	5.11.5
hardhat	2.4.1	2.22.2
@nomiclabs/hardhat-waffle	2.0.1	2.0.6
ethereum-waffle	3.4.0	4.0.10
mocha	7.2.0	10.4.0
qs	6.5.2	6.5.3
browserify-sign	4.2.1	4.2.3
decode-uri-component	0.2.0	0.2.2
express	4.17.1	4.19.2
http-cache-semantics	4.1.0	4.1.1
tar	4.4.13	4.4.19
word-wrap	1.2.3	1.2.5

Updates @openzeppelin/contracts from 3.4.1 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

• MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

• Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

• ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
• ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
• EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
• Governor: add a public cancel(uint256) function. (#3983)
• Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
• Strings: add equal method. (#3774)
• IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
• IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
• StorageSlot: Add support for string and bytes. (#4008)
• Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
• ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
• Strings: add toString method for signed integers. (#3773)
• ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
• EIP712: add EIP-5267 support for better domain discovery. (#3969)
• AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
• SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
• SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

4.9.2 (2023-06-16)

• MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

4.9.1 (2023-06-07)

• Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

4.9.0 (2023-05-23)

• ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
• ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
• EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
• Governor: add a public cancel(uint256) function. (#3983)
• Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
• Strings: add equal method. (#3774)
• IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
• IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
• StorageSlot: Add support for string and bytes. (#4008)
• Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
• ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
• Strings: add toString method for signed integers. (#3773)
• ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
• EIP712: add EIP-5267 support for better domain discovery. (#3969)
• AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
• SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
• SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)
• ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)
• ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)
• ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)
• ERC721URIStorage: Emit ERC-4906 MetadataUpdate in _setTokenURI. (#4012)
• ShortStrings: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)
• SignatureChecker: Allow return data length greater than 32 from EIP-1271 signers. (#4038)
• UUPSUpgradeable: added granular oz-upgrades-unsafe-allow-reachable annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/[email protected]). (#3971)
• Initializable: optimize _disableInitializers by using != instead of <. (#3787)
• Ownable2Step: make acceptOwnership public virtual to enable usecases that require overriding it. (#3960)
• UUPSUpgradeable.sol: Change visibility to the functions upgradeTo and upgradeToAndCall from external to public. (#3959)

... (truncated)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• bd325d5 Release v4.9.5 (#4790)
• ad6a5b6 Add changeset
• 88ac712 Replace double functionDelegateCall
• a83918d Bump node CI version to 16.x
• 0d5f54e Release v4.9.4 (#4784)
• ccfffe1 Make Multicall context-aware
• 9329cfa Remove Wizard page from 4.x
• e1b3d8c Remove Wizard from 4.x navigation
• Additional commits viewable in compare view

Removes @babel/traverse

Updates @truffle/db from 0.5.19 to 0.5.59

Commits

• 5c7b580 Publish
• e7396c1 Publish
• 1258916 Publish
• 01c1d42 Publish
• b389f81 bump ganache to ^7.0.3
• c05d042 bump ganache to ^7.0.2
• 33ab666 nuke the dead code - jest comment
• f116e2f new hair dont care!
• e7a0b9c Merge pull request #4797 from trufflesuite/eslint-mocha-jest-env
• e6275c6 align with the other package .eslintrcs
• Additional commits viewable in compare view

Updates debug from 2.6.9 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits

• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• 4079aae update license and more maintainership information
• 19b36c0 update repository location + maintainership information
• f851b00 adds README section regarding usage in child procs (#850)
• d177f2b Remove accidental epizeuxis
• e47f96d 4.3.2
• 1e9d38c cache enabled status per-logger (#799)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates truffle from 5.3.14 to 5.11.5

Release notes

Sourced from truffle's releases.

v5.11.5 — Dessertressed

Hello all! Tiny release this week, just internal improvements and dependency updates. Thanks once again to @​legobeat for getting all of these! That's it for now!

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Internal improvements

• Enforce deduped lockfile when linting dependencies (#6193 by @​legobeat)

Dependency updates

• Deduplicate all dependencies and devDependencies (#6194 by @​legobeat)
• Dedupe and lockbump ethers, ethereumjs, web3 (#6192 by @​legobeat)
• Dedupe runtime libraries (#6191 by @​legobeat)
• Dedupe devDependencies and library packages (#6188 by @​legobeat)

v5.11.4 — Malted milk powder

Hello all! Not much this week, primarily just a bunch of internal improvements and dependency updates. 🏗️ Thanks to @​legobeat for getting a bunch of these! 🧱🥁 We've also updated the list of Sourcify networks, even though the fetcher no longer actually checks it.

That's it for now! 👋

How to upgrade

We recommend upgrading to the latest version of Truffle by running:

npm uninstall -g truffle
npm install -g truffle

Changelog

Enhancements

• Add new sourcify networks; fix problem with beam testnet (#6182 by @​haltman-at)

Internal improvements

• Remove gitHead field that snuck its way in (#6187 by @​haltman-at)
• Indicate Node.js supported versions (#6180 by @​legobeat)
• Pin nodejs 20 to 20.5 due to regression in 20.6 (#6186 by @​legobeat)

... (truncated)

Commits

• a26df1f Publish
• 9b23a59 devDeps: webpack@^5.73.0->^5.88.2
• 033fc64 Publish
• 4c80841 Merge pull request #6180 from legobeat/node-version
• 005ebb9 deps: [email protected]>7.5.4
• 56cab73 chore: set engines.node in package manifests
• 3fa384f Publish
• 878725a Turn off mysteriously failing test (sorry)
• c519492 Update Ganache to 7.9.1
• a9ca7ea Publish
• Additional commits viewable in compare view

Updates hardhat from 2.4.1 to 2.22.2

Release notes

Sourced from hardhat's releases.

Hardhat v2.22.2

This release introduces a small change to the initialization process of Hardhat, which makes the task runner more extensible.

Changelog

• 7876104: Initialize the Hardhat Runtime Environment before passing the command line arguments. Thanks @​theethernaut!

Hardhat v2.22.1

This release updates the starter projects available through hardhat init to include Hardhat Ignition as the default deployment system.

Hardhat v2.22.0

This release sets Cancun as the default hardfork used by the Hardhat Network.

Hardhat v2.21.0 — Introducing EDR

This version of Hardhat marks the debut of EDR (Ethereum Development Runtime), our new Rust-based runtime that is a complete rewrite of the original TypeScript-based Hardhat Network. This release lays a new long-term foundation for Hardhat's evolution over the coming year.

There are no functional changes, but there are some performance improvements across the board, which we’ll continue to expand in future updates.

Given the significance of this internal change, there’s a possibility of bugs. If you encounter any problems specific to this version, please report them by opening an issue. You should be able to downgrade to v2.20.1 without losing functionality if needed.

solidity-coverage out-of-memory issues

The solidity-coverage plugin works by heavily instrumenting the code, which sometimes causes OOM (out-of-memory) issues. This new version of Hardhat can, in certain cases, make those problems more likely.

If you run into this, you can fix it by using Node.js’s --max-old-space-size flag:

NODE_OPTIONS="--max-old-space-size=8192" npx hardhat coverage

Dropping support for Node.js v16

As part of this release, we are dropping support for Node.js v16. This version of Node.js reached its end-of-life in September of last year. You can learn more about our support guarantees here.

Hardhat v2.20.1

This release fixes a bug when hardhat_setStorageAt was used in untouched addresses.

Hardhat v2.20.0 — Cancun

This release adds support for the upcoming cancun hardfork. This hardfork is not enabled by default; if you want to use it, then you have to enable it in your Hardhat config:

module.exports = {
  networks: {
    hardhat: {
      hardfork: "cancun",
    },
  },
}

... (truncated)

Commits

• 0d14cc5 Version Packages
• ef932f4 Merge pull request #5014 from NomicFoundation/changeset-ignore
• 3962e1b Ignore EDR js benchmarks package in our changeset config
• ccdc0bb build: bump revm to 7.1 (#4968)
• ba129d3 ci: disable snapshot tests in benchmarks (#5008)
• 7164c5d ci: add performance benchmarks (#4998)
• fa1d2b1 Merge pull request #4951 from theethernaut/parse-before-extendenv
• 7876104 Create dull-pigs-pay.md
• 473d85a Create env before args are parsed
• 739553e edr-0.3.2
• Additional commits viewable in compare view

Updates @nomiclabs/hardhat-waffle from 2.0.1 to 2.0.6

Release notes

Sourced from @​nomiclabs/hardhat-waffle's releases.

@​nomiclabs/hardaht-waffle v2.0.5 released

This is the first version of the plugin published in collaboration with the TrueFi team, the maintainers of Waffle 🚀

We moved this plugin to its own repository, cleaned it up in the process, and implemented some small improvements.

Changes

• c5b5c29: Introduce skipEstimateGas and injectCallHistory fields to hardhat config

Changelog

Sourced from @​nomiclabs/hardhat-waffle's changelog.

2.0.6

Patch Changes

• 7926cc9: Support Waffle ^4.0.8

2.0.5

Patch Changes

• 36441d8: Add hardhat chai matchers incompatibility check
• c5b5c29: Introduce skipEstimateGas and injectCallHistory fields to hardhat config

2.0.3

Patch Changes

• bc940060: Improve how errors are created in the hardhat-waffle plugin (#2307)

2.0.2

Patch Changes

• 8327d8c6: Add support for the hexEqual matcher (#2200)

Commits

• See full diff in compare view

Updates ethereum-waffle from 3.4.0 to 4.0.10

Release notes

Sourced from ethereum-waffle's releases.

@​ethereum-waffle/chai@​4.0.10

Patch Changes

• 4d83cde: Emit matcher improvement

[email protected]

Patch Changes

• Updated dependencies [4d83cde]
  • @​ethereum-waffle/mock-contract@​4.0.4
  • @​ethereum-waffle/chai@​4.0.10
  • @​ethereum-waffle/compiler@​4.0.3

@​ethereum-waffle/chai@​4.0.9

Patch Changes

• 216f1d8: Switch hardhat error priority

[email protected]

Patch Changes

• Updated dependencies [216f1d8]
  • @​ethereum-waffle/chai@​4.0.9
  • @​ethereum-waffle/compiler@​4.0.3
  • @​ethereum-waffle/mock-contract@​4.0.3

@​ethereum-waffle/chai@​4.0.8

Patch Changes

• f93abe9: Move call history injection logic to hardhat plugin
• 9602243: 👔 revertedWith().withArgs no longer fails for uint values exceeding JavaScript's max int limit
• b54c6b9: Add delta to balance changing matchers
• 64707ae: Allow special characters in revertedWith regex
• 702c6ab: 🗾 Extend matching of Hardhat revert reasons
• a0f721a: Move ethers to peer deps
• f6d240e: 🛶 Updates for hardhat v2.11
• Updated dependencies [ee1d1b8]
• Updated dependencies [a0f721a]
  • @​ethereum-waffle/provider@​4.0.5

[email protected]

Patch Changes

• f93abe9: Move call history injection logic to hardhat plugin
• a0f721a: Move ethers to peer deps
• Updated dependencies [da92375]
• Updated dependencies [f93abe9]
• Updated dependencies [46b954e]
• Updated dependencies [9602243]
• Updated dependencies [fb6863d]

... (truncated)

Commits

• 0915e72 🎉 Release new version (#823)
• 4d83cde ⭐️ Support events not defined in a contract (#822)
• a1d89d0 🎉 Release new version (#821)
• 216f1d8 🌏 Switch hardhat errors priority (#820)
• 13d1af0 🎉 Release new version (#796)
• 5637cc5 🦉 Optimism tests use latest commit (#819)
• 1fa1312 🥑 Add mock contract typing (#818)
• 702c6ab 🗾 Extend matching of Hardhat revert reasons (#802)
• 46b954e 🖼 Mock contract chaining behaviour (#816)
• fb6863d 🍶 Implement mocking receive function to revert (#807)
• Additional commits viewable in compare view

Updates mocha from 7.2.0 to 10.4.0

Release notes

Sourced from mocha's releases.

v10.4.0

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

v10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

• Fix deprecated warn gh actions by @​outsideris in mochajs/mocha#4962
• fix #4837 Update glob due to vulnerability in dep by @​jb2311 in mochajs/mocha#4970
• Add Node v19 to test matrix by @​juergba in mochajs/mocha#4974
• chore: fix the ci by @​Uzlopak in mochajs/mocha#5020
• update can-i-use by @​Uzlopak in mochajs/mocha#5021
• chore: remove uuid dev dependency by @​Uzlopak in mochajs/mocha#5022
• chore: remove nanoid as dependency by @​Uzlopak in mochajs/mocha#5024
• chore: remove touch as dev dependency by @​Uzlopak in mochajs/mocha#5023
• chore: remove stale workflow by @​JoshuaKGoldberg in mochajs/mocha#5029
• docs: fix fragment ID for yargs' "extends" documentation by @​Spencer-Doak in mochajs/mocha#4918
• docs: use mocha.js instead of mocha in the example run by @​nikolas in mochajs/mocha#4927
• docs: fix jsdoc return type of titlePath method by @​F3n67u in mochajs/mocha#4886
• docs: overhaul contributing and maintenance docs for end-of-year 2023 by @​JoshuaKGoldberg in mochajs/mocha#5038
• docs: touchups to labels and a template title post-revamp by @​JoshuaKGoldberg in mochajs/mocha#5050
• fix: add alt text to Built with Netlify badge by @​JoshuaKGoldberg in mochajs/mocha#5068
• chore: inline nyan reporter's write function by @​JoshuaKGoldberg in mochajs/mocha#5056
• chore: remove unnecessary canvas dependency by @​JoshuaKGoldberg in mochajs/mocha#5069

... (truncated)

Changelog

Sourced from mocha's changelog.

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

10.3.0 / 2024-02-08

This is a stable release equivalent to 10.30.0-prerelease.

10.3.0-prerelease / 2024-01-18

This is a prerelease version to test our ability to release. Other than removing or updating dependencies, it contains no intended user-facing changes.

🔩 Other

• #5069: chore: remove unnecessary canvas dependency (@​JoshuaKGoldberg)
• #5068: fix: add alt text to Built with Netlify badge (@​JoshuaKGoldberg)
• #5056: chore: inline nyan reporter's write function (@​JoshuaKGoldberg)
• #5050: docs: touchups to labels and a template title post-revamp (@​JoshuaKGoldberg)
• #5038: docs: overhaul contributing and maintenance docs for end-of-year 2023 (@​JoshuaKGoldberg)
• #5029: chore: remove stale workflow (@​JoshuaKGoldberg)
• #5024: chore: remove nanoid as dependency (@​Uzlopak)
• #5023: chore: remove touch as dev dependency (@​Uzlopak)
• #5022: chore: remove uuid dev dependency (@​Uzlopak)
• #5021: update can-i-use (@​Uzlopak)
• #5020: chore: fix the ci (@​Uzlopak)
• #4974: Add Node v19 to test matrix (@​juergba)

... (truncated)

Commits

• ffd9557 Release v10.4.0
• 7ac67f3 build(deps): bump the github-actions group with 2 updates (#5125)
• 7a2781c chore: activate dependabot for workflows (#5123)
• 97dcbb2 fix: harden error handling in lib/cli/run.js (#5074)
• 6f3f45e fix: xunit integration test (#5122)
• a5b5652 docs: fix documentation concerning glob expansion on UNIX (#4869)
• efbb147 feat: add file path to xunit reporter (#4985)
• a2e600d fix: closes #5115 (#5116)
• 3735873 feat: include .cause stacks in the error stack traces (#4829)
• b88978d chore: bump ESLint ecmaVersion to 2020 (#5104)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates apollo-server-core from 2.25.2 to 3.13.0

Commits

• f93284e Release
• 4745ebe Rename option from disableValidation to dangerouslyDisableValidation
• 11f5981 Add disableValidation option to apollo-server-core
• ea2e2c3 Release
• 1dd45b8 get CI passing
• d38b43b Merge pull request from GHSA-j5g3-5c8r-7qfx
• fac578a Release
• 8554050 Update protobuf (version-3) (#7412)
• 6247d96 Release
• 538151b Release
• Additional commits viewable in