Bump the npm_and_yarn group across 2 directories with 21 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
@openzeppelin/contracts	3.4.1	4.9.6
async	2.6.3	2.6.4
@nomiclabs/hardhat-waffle	2.0.1	2.0.6
ethereum-waffle	3.4.0	4.0.10
flat	4.1.1	5.0.2
hardhat	2.4.1	2.22.2
mocha	7.2.0	10.4.0
follow-redirects	1.14.1	1.15.6
minimist	1.2.5	1.2.8
Bumps the npm_and_yarn group with 11 updates in the /frontend directory:

Package	From	To
async	2.6.3	2.6.4
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.14.1	1.15.6
json5	1.0.1	1.0.2
qs	6.5.2	6.5.3
browserify-sign	4.2.1	4.2.3
express	4.17.1	4.19.2
got	9.6.0	12.6.1
ipfs	0.55.4	0.66.1
webpack-dev-middleware	3.7.3	5.3.4
react-scripts	3.4.4	5.0.1

Updates @openzeppelin/contracts from 3.4.1 to 4.9.6

Release notes

Sourced from @​openzeppelin/contracts's releases.

v4.9.6

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

v4.9.5

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

v4.9.4

• ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.

v4.9.3

Note This release contains a fix for GHSA-g4vp-m682-qqmp.

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

v4.9.2

Note This release contains a fix for GHSA-wprv-93r4-jj2p.

• MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

v4.9.1

Note This release contains a fix for GHSA-5h3x-9wvq-w4m2.

• Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

v4.9.0

• ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
• ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
• EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
• Governor: add a public cancel(uint256) function. (#3983)
• Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
• Strings: add equal method. (#3774)
• IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
• IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
• StorageSlot: Add support for string and bytes. (#4008)
• Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
• ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
• Strings: add toString method for signed integers. (#3773)
• ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
• EIP712: add EIP-5267 support for better domain discovery. (#3969)
• AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
• SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
• SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)

... (truncated)

Changelog

Sourced from @​openzeppelin/contracts's changelog.

4.9.6 (2024-02-29)

• Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)

4.9.5 (2023-12-08)

• Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).

4.9.3 (2023-07-28)

• ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
• ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)

4.9.2 (2023-06-16)

• MerkleProof: Fix a bug in processMultiProof and processMultiProofCalldata that allows proving arbitrary leaves if the tree contains a node with value 0 at depth 1.

4.9.1 (2023-06-07)

• Governor: Add a mechanism to restrict the address of the proposer using a suffix in the description.

4.9.0 (2023-05-23)

• ReentrancyGuard: Add a _reentrancyGuardEntered function to expose the guard status. (#3714)
• ERC721Wrapper: add a new extension of the ERC721 token which wraps an underlying token. Deposit and withdraw guarantee that the ownership of each token is backed by a corresponding underlying token with the same identifier. (#3863)
• EnumerableMap: add a keys() function that returns an array containing all the keys. (#3920)
• Governor: add a public cancel(uint256) function. (#3983)
• Governor: Enable timestamp operation for blockchains without a stable block time. This is achieved by connecting a Governor's internal clock to match a voting token's EIP-6372 interface. (#3934)
• Strings: add equal method. (#3774)
• IERC5313: Add an interface for EIP-5313 that is now final. (#4013)
• IERC4906: Add an interface for ERC-4906 that is now Final. (#4012)
• StorageSlot: Add support for string and bytes. (#4008)
• Votes, ERC20Votes, ERC721Votes: support timestamp checkpointing using EIP-6372. (#3934)
• ERC4626: Add mitigation to the inflation attack through virtual shares and assets. (#3979)
• Strings: add toString method for signed integers. (#3773)
• ERC20Wrapper: Make the underlying variable private and add a public accessor. (#4029)
• EIP712: add EIP-5267 support for better domain discovery. (#3969)
• AccessControlDefaultAdminRules: Add an extension of AccessControl with additional security rules for the DEFAULT_ADMIN_ROLE. (#4009)
• SignatureChecker: Add isValidERC1271SignatureNow for checking a signature directly against a smart contract using ERC-1271. (#3932)
• SafeERC20: Add a forceApprove function to improve compatibility with tokens behaving like USDT. (#4067)
• ERC1967Upgrade: removed contract-wide oz-upgrades-unsafe-allow delegatecall annotation, replaced by granular annotation in UUPSUpgradeable. (#3971)
• ERC20Wrapper: self wrapping and deposit by the wrapper itself are now explicitly forbidden. (#4100)
• ECDSA: optimize bytes32 computation by using assembly instead of abi.encodePacked. (#3853)
• ERC721URIStorage: Emit ERC-4906 MetadataUpdate in _setTokenURI. (#4012)
• ShortStrings: Added a library for handling short strings in a gas efficient way, with fallback to storage for longer strings. (#4023)
• SignatureChecker: Allow return data length greater than 32 from EIP-1271 signers. (#4038)
• UUPSUpgradeable: added granular oz-upgrades-unsafe-allow-reachable annotation to improve upgrade safety checks on latest version of the Upgrades Plugins (starting with @openzeppelin/[email protected]). (#3971)
• Initializable: optimize _disableInitializers by using != instead of <. (#3787)
• Ownable2Step: make acceptOwnership public virtual to enable usecases that require overriding it. (#3960)
• UUPSUpgradeable.sol: Change visibility to the functions upgradeTo and upgradeToAndCall from external to public. (#3959)

... (truncated)

Commits

• dc44c9f Release v4.9.6 (#4931)
• a6286d0 Port Base64 tests to truffle (#4926) (#4929)
• bd325d5 Release v4.9.5 (#4790)
• ad6a5b6 Add changeset
• 88ac712 Replace double functionDelegateCall
• a83918d Bump node CI version to 16.x
• 0d5f54e Release v4.9.4 (#4784)
• ccfffe1 Make Multicall context-aware
• 9329cfa Remove Wizard page from 4.x
• e1b3d8c Remove Wizard from 4.x navigation
• Additional commits viewable in compare view

Updates async from 2.6.3 to 2.6.4

Changelog

Sourced from async's changelog.

v2.6.4

• Fix potential prototype pollution exploit (#1828)

Commits

• c6bdaca Version 2.6.4
• 8870da9 Update built files
• 4df6754 update changelog
• 8f7f903 Fix prototype pollution vulnerability (#1828)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by hargasinski, a new releaser for async since your current version.

Updates @nomiclabs/hardhat-waffle from 2.0.1 to 2.0.6

Release notes

Sourced from @​nomiclabs/hardhat-waffle's releases.

@​nomiclabs/hardaht-waffle v2.0.5 released

This is the first version of the plugin published in collaboration with the TrueFi team, the maintainers of Waffle 🚀

We moved this plugin to its own repository, cleaned it up in the process, and implemented some small improvements.

Changes

• c5b5c29: Introduce skipEstimateGas and injectCallHistory fields to hardhat config

Changelog

Sourced from @​nomiclabs/hardhat-waffle's changelog.

2.0.6

Patch Changes

• 7926cc9: Support Waffle ^4.0.8

2.0.5

Patch Changes

• 36441d8: Add hardhat chai matchers incompatibility check
• c5b5c29: Introduce skipEstimateGas and injectCallHistory fields to hardhat config

2.0.3

Patch Changes

• bc940060: Improve how errors are created in the hardhat-waffle plugin (#2307)

2.0.2

Patch Changes

• 8327d8c6: Add support for the hexEqual matcher (#2200)

Commits

• See full diff in compare view

Updates ethereum-waffle from 3.4.0 to 4.0.10

Release notes

Sourced from ethereum-waffle's releases.

@​ethereum-waffle/chai@​4.0.10

Patch Changes

• 4d83cde: Emit matcher improvement

[email protected]

Patch Changes

• Updated dependencies [4d83cde]
  • @​ethereum-waffle/mock-contract@​4.0.4
  • @​ethereum-waffle/chai@​4.0.10
  • @​ethereum-waffle/compiler@​4.0.3

@​ethereum-waffle/chai@​4.0.9

Patch Changes

• 216f1d8: Switch hardhat error priority

[email protected]

Patch Changes

• Updated dependencies [216f1d8]
  • @​ethereum-waffle/chai@​4.0.9
  • @​ethereum-waffle/compiler@​4.0.3
  • @​ethereum-waffle/mock-contract@​4.0.3

@​ethereum-waffle/chai@​4.0.8

Patch Changes

• f93abe9: Move call history injection logic to hardhat plugin
• 9602243: 👔 revertedWith().withArgs no longer fails for uint values exceeding JavaScript's max int limit
• b54c6b9: Add delta to balance changing matchers
• 64707ae: Allow special characters in revertedWith regex
• 702c6ab: 🗾 Extend matching of Hardhat revert reasons
• a0f721a: Move ethers to peer deps
• f6d240e: 🛶 Updates for hardhat v2.11
• Updated dependencies [ee1d1b8]
• Updated dependencies [a0f721a]
  • @​ethereum-waffle/provider@​4.0.5

[email protected]

Patch Changes

• f93abe9: Move call history injection logic to hardhat plugin
• a0f721a: Move ethers to peer deps
• Updated dependencies [da92375]
• Updated dependencies [f93abe9]
• Updated dependencies [46b954e]
• Updated dependencies [9602243]
• Updated dependencies [fb6863d]

... (truncated)

Commits

• 0915e72 🎉 Release new version (#823)
• 4d83cde ⭐️ Support events not defined in a contract (#822)
• a1d89d0 🎉 Release new version (#821)
• 216f1d8 🌏 Switch hardhat errors priority (#820)
• 13d1af0 🎉 Release new version (#796)
• 5637cc5 🦉 Optimism tests use latest commit (#819)
• 1fa1312 🥑 Add mock contract typing (#818)
• 702c6ab 🗾 Extend matching of Hardhat revert reasons (#802)
• 46b954e 🖼 Mock contract chaining behaviour (#816)
• fb6863d 🍶 Implement mocking receive function to revert (#807)
• Additional commits viewable in compare view

Updates flat from 4.1.1 to 5.0.2

Commits

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• Additional commits viewable in compare view

Updates hardhat from 2.4.1 to 2.22.2

Release notes

Sourced from hardhat's releases.

Hardhat v2.22.2

This release introduces a small change to the initialization process of Hardhat, which makes the task runner more extensible.

Changelog

• 7876104: Initialize the Hardhat Runtime Environment before passing the command line arguments. Thanks @​theethernaut!

Hardhat v2.22.1

This release updates the starter projects available through hardhat init to include Hardhat Ignition as the default deployment system.

Hardhat v2.22.0

This release sets Cancun as the default hardfork used by the Hardhat Network.

Hardhat v2.21.0 — Introducing EDR

This version of Hardhat marks the debut of EDR (Ethereum Development Runtime), our new Rust-based runtime that is a complete rewrite of the original TypeScript-based Hardhat Network. This release lays a new long-term foundation for Hardhat's evolution over the coming year.

There are no functional changes, but there are some performance improvements across the board, which we’ll continue to expand in future updates.

Given the significance of this internal change, there’s a possibility of bugs. If you encounter any problems specific to this version, please report them by opening an issue. You should be able to downgrade to v2.20.1 without losing functionality if needed.

solidity-coverage out-of-memory issues

The solidity-coverage plugin works by heavily instrumenting the code, which sometimes causes OOM (out-of-memory) issues. This new version of Hardhat can, in certain cases, make those problems more likely.

If you run into this, you can fix it by using Node.js’s --max-old-space-size flag:

NODE_OPTIONS="--max-old-space-size=8192" npx hardhat coverage

Dropping support for Node.js v16

As part of this release, we are dropping support for Node.js v16. This version of Node.js reached its end-of-life in September of last year. You can learn more about our support guarantees here.

Hardhat v2.20.1

This release fixes a bug when hardhat_setStorageAt was used in untouched addresses.

Hardhat v2.20.0 — Cancun

This release adds support for the upcoming cancun hardfork. This hardfork is not enabled by default; if you want to use it, then you have to enable it in your Hardhat config:

module.exports = {
  networks: {
    hardhat: {
      hardfork: "cancun",
    },
  },
}

... (truncated)

Commits

• 0d14cc5 Version Packages
• ef932f4 Merge pull request #5014 from NomicFoundation/changeset-ignore
• 3962e1b Ignore EDR js benchmarks package in our changeset config
• ccdc0bb build: bump revm to 7.1 (#4968)
• ba129d3 ci: disable snapshot tests in benchmarks (#5008)
• 7164c5d ci: add performance benchmarks (#4998)
• fa1d2b1 Merge pull request #4951 from theethernaut/parse-before-extendenv
• 7876104 Create dull-pigs-pay.md
• 473d85a Create env before args are parsed
• 739553e edr-0.3.2
• Additional commits viewable in compare view

Updates mocha from 7.2.0 to 10.4.0

Release notes

Sourced from mocha's releases.

v10.4.0

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

v10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

• Fix deprecated warn gh actions by @​outsideris in mochajs/mocha#4962
• fix #4837 Update glob due to vulnerability in dep by @​jb2311 in mochajs/mocha#4970
• Add Node v19 to test matrix by @​juergba in mochajs/mocha#4974
• chore: fix the ci by @​Uzlopak in mochajs/mocha#5020
• update can-i-use by @​Uzlopak in mochajs/mocha#5021
• chore: remove uuid dev dependency by @​Uzlopak in mochajs/mocha#5022
• chore: remove nanoid as dependency by @​Uzlopak in mochajs/mocha#5024
• chore: remove touch as dev dependency by @​Uzlopak in mochajs/mocha#5023
• chore: remove stale workflow by @​JoshuaKGoldberg in mochajs/mocha#5029
• docs: fix fragment ID for yargs' "extends" documentation by @​Spencer-Doak in mochajs/mocha#4918
• docs: use mocha.js instead of mocha in the example run by @​nikolas in mochajs/mocha#4927
• docs: fix jsdoc return type of titlePath method by @​F3n67u in mochajs/mocha#4886
• docs: overhaul contributing and maintenance docs for end-of-year 2023 by @​JoshuaKGoldberg in mochajs/mocha#5038
• docs: touchups to labels and a template title post-revamp by @​JoshuaKGoldberg in mochajs/mocha#5050
• fix: add alt text to Built with Netlify badge by @​JoshuaKGoldberg in mochajs/mocha#5068
• chore: inline nyan reporter's write function by @​JoshuaKGoldberg in mochajs/mocha#5056
• chore: remove unnecessary canvas dependency by @​JoshuaKGoldberg in mochajs/mocha#5069

... (truncated)

Changelog

Sourced from mocha's changelog.

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

10.3.0 / 2024-02-08

This is a stable release equivalent to 10.30.0-prerelease.

10.3.0-prerelease / 2024-01-18

This is a prerelease version to test our ability to release. Other than removing or updating dependencies, it contains no intended user-facing changes.

🔩 Other

• #5069: chore: remove unnecessary canvas dependency (@​JoshuaKGoldberg)
• #5068: fix: add alt text to Built with Netlify badge (@​JoshuaKGoldberg)
• #5056: chore: inline nyan reporter's write function (@​JoshuaKGoldberg)
• #5050: docs: touchups to labels and a template title post-revamp (@​JoshuaKGoldberg)
• #5038: docs: overhaul contributing and maintenance docs for end-of-year 2023 (@​JoshuaKGoldberg)
• #5029: chore: remove stale workflow (@​JoshuaKGoldberg)
• #5024: chore: remove nanoid as dependency (@​Uzlopak)
• #5023: chore: remove touch as dev dependency (@​Uzlopak)
• #5022: chore: remove uuid dev dependency (@​Uzlopak)
• #5021: update can-i-use (@​Uzlopak)
• #5020: chore: fix the ci (@​Uzlopak)
• #4974: Add Node v19 to test matrix (@​juergba)

... (truncated)

Commits

• ffd9557 Release v10.4.0
• 7ac67f3 build(deps): bump the github-actions group with 2 updates (#5125)
• 7a2781c chore: activate dependabot for workflows (#5123)
• 97dcbb2 fix: harden error handling in lib/cli/run.js (#5074)
• 6f3f45e fix: xunit integration test (#5122)
• a5b5652 docs: fix documentation concerning glob expansion on UNIX (#4869)
• efbb147 feat: add file path to xunit reporter (#4985)
• a2e600d fix: closes #5115 (#5116)
• 3735873 feat: include .cause stacks in the error stack traces (#4829)
• b88978d chore: bump ESLint ecmaVersion to 2020 (#5104)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates follow-redirects from 1.14.1 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates minimist from 1.2.5 to 1.2.8

Changelog

Sourced from minimist's changelog.

v1.2.8 - 2023-02-09

Merged

• [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17)
• [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12)
• [Fix] opt.string works with multiple aliases [#10](https://github.com/minimistjs/minimist/issues/10)

Fixed

• [Fix] Fix long option followed by single dash (#17) [#15](https://github.com/minimistjs/minimist/issues/15)
• [Tests] Remove duplicate test (#12) [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] Fix long option followed by single dash [#15](https://github.com/minimistjs/minimist/issues/15)
• [Fix] opt.string works with multiple aliases (#10) [#9](https://github.com/minimistjs/minimist/issues/9)
• [Fix] Fix handling of short option with non-trivial equals [#5](https://github.com/minimistjs/minimist/issues/5)
• [Tests] Remove duplicate test [#8](https://github.com/minimistjs/minimist/issues/8)
• [Fix] opt.string works with multiple aliases [#9](https://github.com/minimistjs/minimist/issues/9)

Commits

• Merge tag 'v0.2.3' a026794
• [eslint] fix indentation and whitespace 5368ca4
• [eslint] fix indentation and whitespace e5f5067
• [eslint] more cleanup 62fde7d
• [eslint] more cleanup 36ac5d0
• [meta] add auto-changelog 73923d2
• [actions] add reusable workflows d80727d
• [eslint] add eslint; rules to enable later are warnings 48bc06a
• [eslint] fix indentation 34b0f1c
• [readme] rename and add badges 5df0fe4
• [Dev Deps] switch from covert to nyc a48b128
• [Dev Deps] update covert, tape; remove unnecessary tap f0fb958
• [meta] create FUNDING.yml; add funding in package.json 3639e0c
• [meta] use npmignore to autogenerate an npmignore file be2e038
• Only apps should have lockfiles 282b570
• isConstructorOrProto adapted from PR ef9153f
• [Dev Deps] update @ljharb/eslint-config, aud 098873c
• [Dev Deps] update @ljharb/eslint-config, aud 3124ed3
• [meta] add safe-publish-latest 4b927de
• [Tests] add aud<...

  Description has been truncated