build(deps): bump the npm_and_yarn group across 1 directory with 23 updates

[dependabot]

Bumps the npm_and_yarn group with 12 updates in the /client directory:

Package	From	To
karma	5.0.9	6.3.16
loader-utils	1.2.3	3.2.1
@angular-devkit/build-angular	0.1001.7	18.0.2
follow-redirects	1.13.0	1.15.6
ini	1.3.5	1.3.6
@angular/cli	10.1.7	10.2.4
json-schema	0.2.3	0.4.0
jsprim	1.4.1	1.4.2
jszip	3.5.0	3.10.1
minimatch	3.0.4	3.1.2
path-parse	1.0.6	1.0.7
y18n	4.0.0	4.0.3

Updates karma from 5.0.9 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates loader-utils from 1.2.3 to 3.2.1

Release notes

Sourced from loader-utils's releases.

v3.2.1

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

v3.2.0

3.2.0 (2021-11-11)

Features

• hash uniformity for base digests (451858b)

v3.1.3

3.1.3 (2021-11-04)

Bug Fixes

• crash with md4 hash (#198) (ef084d4)

v3.1.2

3.1.2 (2021-11-04)

Bug Fixes

• bug with unicode characters (#196) (0426405)

v3.1.1

3.1.1 (2021-11-04)

Bug Fixes

• base64 and unicode characters (02b1f3f)

v3.1.0

3.1.0 (2021-10-29)

Features

• added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

v3.0.0

3.0.0 (2021-10-20)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

3.2.1 (2022-11-11)

Bug Fixes

• ReDoS problem (#224) (d2d752d)

3.2.0 (2021-11-11)

Features

• hash uniformity for base digests (451858b)

3.1.3 (2021-11-04)

Bug Fixes

• crash with md4 hash (#198) (ef084d4)

3.1.2 (2021-11-04)

Bug Fixes

• bug with unicode characters (#196) (0426405)

3.1.1 (2021-11-04)

Bug Fixes

• base64 and unicode characters (02b1f3f)

3.1.0 (2021-10-29)

Features

• added md4 (wasm version) and md4-native (crypto module version) algorithms (cbf9d1d)

3.0.0 (2021-10-20)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 12.13.0 (93a87ce)
• use xxhash64 by default for [hash]/[contenthash] and getHashDigest API
• [emoji] was removed without replacements, please use custom function if you need this

... (truncated)

Commits

• a3fd3ca chore(release): 3.2.1
• d2d752d fix: ReDoS problem (#224)
• 52cd134 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#209)
• 9fe2381 chore: add .gitattributes for normalizing end of lines - fixes #203 (#204)
• a282654 chore(release): 3.2.0
• f2a524b chore(deps): update (#200)
• 451858b feat: hash uniformity for base digests
• f7dbfe1 chore(release): 3.1.3
• ef084d4 fix: crash with md4 hash (#198)
• 097f5c3 chore(release): 3.1.2
• Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 0.1001.7 to 18.0.2

Release notes

Sourced from @​angular-devkit/build-angular's releases.

v18.0.2

18.0.2 (2024-05-29)

@​schematics/angular

Commit	Description
	check both application builder packages in SSR schematic
	set builders assets option correctly for new applications

@​angular/build

Commit	Description
	disable Worker wait loop for Sass compilations in web containers
	print Sass @warn location
	support valid self-closing MathML tags in HTML index file
	support valid self-closing SVG tags in HTML index file

@​angular/pwa

Commit	Description
	set manifest icons location to match assets builder option

v18.0.1

18.0.1 (2024-05-23)

@​schematics/angular

Commit	Description
	use angular.dev in readme

@​angular/build

Commit	Description
	avoid rebasing URLs with function calls
	disable persistent disk caching inside webcontainers by default
	handle esbuild-browser polyfills option as string during ng serve
	only import persistent cache store with active caching

v18.0.0

18.0.0 (2024-05-22)

@​schematics/angular

Commit	Description
	allow application migration to use new build package in projects where possible
	replace assets with public directory
	use eventCoalescing option by default (standalone bootstrap)
	use ngZoneEventCoalescing option by default (module bootstrap)
	use TypeScript bundler module resolution for new projects
	add less dependency in application migration if needed
	add postcss dependency in application migration if needed
	add spaces around eventCoalescing option
	keep deployUrl option when migrating to application builder

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

18.0.2 (2024-05-29)

@​schematics/angular

Commit	Type	Description
9967c04b8	fix	check both application builder packages in SSR schematic
92b48ab14	fix	set builders assets option correctly for new applications

@​angular/build

Commit	Type	Description
3bb06c37d	fix	disable Worker wait loop for Sass compilations in web containers
c4cf35923	fix	print Sass @warn location
352879804	fix	support valid self-closing MathML tags in HTML index file
476f3084a	fix	support valid self-closing SVG tags in HTML index file

@​angular/pwa

Commit	Type	Description
acbffd236	fix	set manifest icons location to match assets builder option

18.0.1 (2024-05-23)

@​schematics/angular

Commit	Type	Description
01842f515	fix	use angular.dev in readme

@​angular/build

Commit	Type	Description
7d253e9cd	fix	avoid rebasing URLs with function calls
6b6a76a99	fix	disable persistent disk caching inside webcontainers by default
ba70a50b6	fix	handle esbuild-browser polyfills option as string during ng serve
706423aca	fix	only import persistent cache store with active caching

18.0.0 (2024-05-22)

... (truncated)

Commits

• See full diff in compare view

Updates dns-packet from 1.3.1 to 5.6.1

Changelog

Sourced from dns-packet's changelog.

Version 5.6.0 - 2023-04-18

• Feature: Added support for the TLSA record type.

Version 5.5.0 - 2023-03-27

• Feature: Added support for the NAPTR record type.

Version 5.4.0 - 2022-06-14

• Feature: Added support for the SSHFP record type.

Version 5.2.0 - 2019-02-21

• Feature: Added support for de/encoding certain OPT options.

Version 5.1.0 - 2019-01-22

• Feature: Added support for the RP record type.

Version 5.0.0 - 2018-06-01

• Breaking: Node.js 6.0.0 or greater is now required.
• Feature: Added support for DNSSEC record types.

Version 4.1.0 - 2018-02-11

• Feature: Added support for the MX record type.

Version 4.0.0 - 2018-02-04

• Feature: Added streamEncode and streamDecode methods for encoding TCP packets.
• Breaking: Changed the decoded value of TXT records to an array of Buffers. This is to accomodate DNS-SD records which rely on the individual strings record being separated.
• Breaking: Renamed the flag_trunc and flag_auth to flag_tc and flag_aa to match the names of these in the dns standards.

Version 3.0.0 - 2018-01-12

• Breaking: The class option has been changed from integer to string.

Version 2.0.0 - 2018-01-11

• Breaking: Converted module to ES2015, now requires Node.js 4.0 or greater

Commits

• 7b66620 v5.6.1
• 13f19d9 Proper Encoding/Decoding for Email Name Representation for SOA and RP Records...
• 519f55d test node 20
• e50f34c 5.6.0
• f14f483 Add TLSA support (#92)
• ec4d317 sort record types in README alphabetically
• a0687b3 5.5.0
• aca1ff7 implement the NAPTR record (#89)
• 31d3caf 5.4.0
• 0fc249c add SSHFP to readme
• Additional commits viewable in compare view

Updates engine.io from 3.4.2 to 6.5.4

Release notes

Sourced from engine.io's releases.

6.5.4

This release contains some minor changes which should improve the memory usage of the server, notably this.

Links

• Diff: socketio/engine.io@6.5.3...6.5.4
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.3

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Links

• Diff: socketio/engine.io@6.5.2...6.5.3
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.2

Bug Fixes

• webtransport: add proper framing (a306db0)

Links

• Diff: socketio/engine.io@6.5.1...6.5.2
• Client release: -
• ws version: ~8.11.0 (no change)

6.5.1

Bug Fixes

• prevent crash when accessing TextDecoder (#684) (6dd2bc4)

Credits

Huge thanks to @​iowaguy for helping!

Links

... (truncated)

Changelog

Sourced from engine.io's changelog.

6.5.4 (2023-11-09)

This release contains some minor changes which should improve the memory usage of the server, notably this.

Dependencies

• ws@~8.11.0 (no change)

6.5.3 (2023-10-06)

Bug Fixes

• improve compatibility with node16 module resolution (#689) (c6bf8c0)
• webtransport: properly handle abruptly closed connections (ff1c861)

Dependencies

• ws@~8.11.0 (no change)

6.5.2 (2023-08-01)

Bug Fixes

• webtransport: add proper framing (a306db0)

Dependencies

• ws@~8.11.0 (no change)

6.5.1 (2023-06-27)

Bug Fixes

• prevent crash when accessing TextDecoder (#684) (6dd2bc4)

Credits

... (truncated)

Commits

• ff0fbfb chore(release): 6.5.4
• 09acb17 ci: add Node.js 20 in the test matrix
• 39937f8 refactor: minor cleanups
• 43c1c1c refactor: simplify code
• 3b5e79e refactor: remove useless references
• f27a6c3 refactor: remove useless reference
• 2da559a chore(release): 6.5.3
• 9545b44 refactor: add cache-control header in the polling response
• ff1c861 fix(webtransport): properly handle abruptly closed connections
• c6bf8c0 fix: improve compatibility with node16 module resolution (#689)
• Additional commits viewable in compare view

Updates ws from 6.1.4 to 8.11.0

Release notes

Sourced from ws's releases.

8.11.0

Features

• WebSocket.prototype.addEventListener() now supports an event listener specified as an object with a handleEvent() method. (9ab743aa).

Bug fixes

• WebSocket.prototype.addEventListener() now adds an event listener only if it is not already in the list of the event listeners for the specified event type (1cec17da).

8.10.0

Features

• Added an export for package.json (211d5d38).

8.9.0

Features

• Added the ability to connect to Windows named pipes (#2079).

8.8.1

Bug fixes

• The Authorization and Cookie headers are no longer sent if the original request for the opening handshake is sent to an IPC server and the client is redirected to another IPC server (bc8bd34e).

8.8.0

Features

• Added the WS_NO_BUFFER_UTIL and WS_NO_UTF_8_VALIDATE environment variables (becf237c).

8.7.0

Features

• Added the ability to inspect the invalid handshake requests and respond to them with a custom HTTP response. (6e5a5ce3).

Bug fixes

• The handshake is now aborted if the Upgrade header field value in the HTTP response is not a case-insensitive match for the value "websocket" (0fdcc0af).
• The Authorization and Cookie headers are no longer sent when following an insecure redirect (wss: to ws:) to the same host (d68ba9e1).

8.6.0

Features

... (truncated)

Commits

• afd8c62 [dist] 8.11.0
• 1cec17d [fix] Add the same event listener only once
• 9ab743a [feature] Add support for objets with a handleEvent() method
• 38f7879 [ci] Test on node 19
• cdca711 [dist] 8.10.0
• 211d5d3 [pkg] Add package.json export
• c4d6eb3 [ci] Do not use the set-output command
• 966f9d4 [dist] 8.9.0
• e628f2b [feature] Support Windows named pipes (#2079)
• 7ff26d9 [doc] Fix nits
• Additional commits viewable in compare view

Updates follow-redirects from 1.13.0 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates glob-parent from 3.1.0 to 5.1.2

Release notes

Sourced from glob-parent's releases.

v5.1.2

Bug Fixes

• eliminate ReDoS (#36) (f923116)

v5.1.1

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

v5.1.0

Features

• add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

v5.0.0

⚠ BREAKING CHANGES

• Drop support for node <6 & bump dependencies

Miscellaneous Chores

• Drop support for node <6 & bump dependencies (896c0c0)

v4.0.0

⚠ BREAKING CHANGES

• question marks are valid path characters on Windows so avoid flagging as a glob when alone
• Update is-glob dependency

Features

• hoist regexps and strings for performance gains (4a80667)
• question marks are valid path characters on Windows so avoid flagging as a glob when alone (2a551dd)
• Update is-glob dependency (e41fcd8)

Changelog

Sourced from glob-parent's changelog.

5.1.2 (2021-03-06)

Bug Fixes

• eliminate ReDoS (#36) (f923116)

6.0.2 (2021-09-29)

Bug Fixes

• Improve performance (#53) (843f8de)

6.0.1 (2021-07-20)

Bug Fixes

• Resolve ReDoS vulnerability from CVE-2021-35065 (#49) (3e9f04a)

6.0.0 (2021-05-03)

⚠ BREAKING CHANGES

• Correct mishandled escaped path separators (#34)
• upgrade scaffold, dropping node <10 support

Bug Fixes

• Correct mishandled escaped path separators (#34) (32f6d52), closes #32

Miscellaneous Chores

• upgrade scaffold, dropping node <10 support (e83d0c5)

5.1.1 (2021-01-27)

Bug Fixes

• unescape exclamation mark (#26) (a98874f)

5.1.0 (2021-01-27)

Features

• add flipBackslashes option to disable auto conversion of slashes (closes #24) (#25) (eecf91d)

5.0.0 (2021-01-27)

⚠ BREAKING CHANGES

• Drop support for node <6 & bump dependencies

... (truncated)

Commits

• eb2c439 chore: update changelog
• 12bcb6c chore: release 5.1.2
• f923116 fix: eliminate ReDoS (#36)
• 0b014a7 chore: add JSDoc returns information (#33)
• 2b24ebd chore: generate initial changelog
• 9b6e874 chore: release 5.1.1
• 749c35e ci: try wrapping the JOB_ID in a string
• 5d39def ci: attempt to switch to published coveralls
• 0b5b37f ci: put the npm step back in for only Windows
• 473f5d8 ci: update azure build images
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by phated, a new releaser for glob-parent since your current version.

Updates ini from 1.3.5 to 1.3.6

Commits

• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates @angular/cli from 10.1.7 to 10.2.4

Changelog

Sourced from @​angular/cli's changelog.

10.2.4 (2021-12-15)

@​angular/cli

Commit	Type	Description
745d77728	fix	error when updating Angular packages across multi-major migrations
460ea21b5	fix	logic which determines which temp version of the CLI is to be download during ng update
03da12899	fix	update ng update output for Angular packages

@​schematics/angular

Commit	Type	Description
d6582d489	fix	change karma-jasmine-html-reporter dependency to use tilde

Special Thanks

Alan Agius, Charles Lyding, Doug Parker and Joey Perrott

13.1.1 (2021-12-10)

@​schematics/angular

Commit	Type	Description
a315b968a	fix	updated Angular new project version to v13.1.0

Special Thanks

Alan Agius, Cédric Exbrayat and Derek Cormier

13.1.0 (2021-12-09)

@​angular/cli

Commit	Type	Description
56f802b7d	feat	ask to install angular-eslint when running ng lint in new projects
ecd9fb5c7	feat	provide more detailed error for not found builder
0b6071af3	fix	ng doc does open browser on Windows

... (truncated)

Commits

• c9b5a9c release: v10.2.4
• 8013eec ci: bump Windows CI Node version to 12.13.0
• d0b0ae2 build: update .nvmrc to align with Puppeteer version
• de534b2 test(@​angular/cli): disable NPM 7 with Node v10 test
• 054d776 ci: update Node.js to version 12.20 from 12.18
• 021d281 test(@​angular/cli): disable ng update tests that are no longer supported
• 460ea21 fix(@​angular/cli): logic which determines which temp version of the CLI is to...
• 745d777 fix(@​angular/cli): error when updating Angular packages across multi-major mi...
• 03da128 fix(@​angular/cli): update ng update output for Angular packages
• d0924da test(@​angular/cli): fix failing LTS e2e tests
• Additional commits viewable in compare view

Updates json-schema from 0.2.3 to 0.4.0

Commits

• f6f6a3b Use a little more robust method of checking instances
• ef60987 Update version
• b62f1da Protect against constructor modification, #84
• fb427cd Link to json-schema-org repository in addition to site, fixes #54
• 22f1461 Don't allow proto property to be used for schema default/coerce, fixes #84
• c52a27c Get basic test to pass
• b3f42b3 Add security policy
• 3b0cec3 Update version
• c28470f Update readme to acknowledge the state of the package
• 7dff9cd Merge pull request #81 from hodovani/patch-1
• Additional commits viewable in compare view

Updates jsprim from 1.4.1 to 1.4.2

Changelog

Sourced from jsprim's changelog.

v1.4.2 (2021-11-29)

• #35 Backport json-schema 0.4.0 to version 1.4.x

Commits

• 5c8475f joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x
• See full diff in compare view

Maintainer changes

This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.

Updates jszip from 3.5.0 to 3.10.1

Changelog

Sourced from jszip's changelog.

v3.10.1 2022-08-02

• Add sponsorship files.
  • If you appreciate the time spent maintaining JSZip then I would really appreciate your sponsorship.
• Consolidate metadata types and expose OnUpdateCallback #851 and #852
• use const instead var in example from README.markdown #828
• Switch manual download link to HTTPS #839

Internals:

• Replace jshint with eslint #842
• Add performance tests #834

v3.10.0 2022-05-20

• Change setimmediate dependency to more efficient one. Fixes Stuk/jszip#617 (see #829)
• Update types of currentFile metadata to include null (see #826)

v3.9.1 2022-04-06

• Fix recursive definition of InputFileFormat introduced in 3.9.0.

v3.9.0 2022-04-04

• Update types JSZip#loadAsync to accept a promise for data, and remove arguments from new JSZip() (see #752)
• Update types for compressionOptions to JSZipFileOptions and JSZipGeneratorOptions (see #722)
• Add types for generateInternalStream (see #774)

v3.8.0 2022-03-30

• Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

v3.7.1 2021-08-05

• Fix build of dist files.
  • Note: this version ensures the changes from 3.7.0 are actually included in the dist files. Thanks to Evan W for reporting.

v3.7.0 2021-07-23

• Fix: Use a null prototype object for this.files (see #766)
  • This change might break existing code if it uses prototype methods on the .files property of a zip object, for example zip.files.toString(). This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.

v3.6.0 2021-02-09

• Fix: redirect main to dist on browsers (see