Bump the npm_and_yarn group across 1 directory with 40 updates

[dependabot]

Warning

Dependabot will stop supporting npm v6!

Please upgrade to one of the following versions: v7, v8, v9, or v10.

Bumps the npm_and_yarn group with 5 updates in the /noteapp directory:

Package	From	To
firebase	6.2.3	10.9.0
semver	5.5.0	7.6.3
react-scripts	3.0.1	5.0.1
node-fetch	1.7.3	removed
create-react-class	15.6.3	15.7.0

Updates firebase from 6.2.3 to 10.9.0

Commits

• 1eb302f Version Packages (#8063)
• b498867 Merge master into release
• ce88e71 snapshot listeners source from cache (#7982)
• 6d487d7 Prevent using authTokenSyncURL if the string begins with a double slash (#8060)
• b4d59d6 Merge master into release
• 2b22838 Fix glob pattern to work with Node 20 and its NPM version (#8059)
• feb5038 Update CI node.js versions to 20.x (#8055)
• 245dd26 Enforce authTokenSyncURL being a path and not a url. (#8056)
• e60188d Version Packages (#8046)
• 7e2efbf Merge master into release
• Additional commits viewable in compare view

Updates semver from 5.5.0 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)

... (truncated)

Commits

• 0a12d6c chore: release 7.6.3 (#720)
• 73a3d79 fix: optimize Range parsing and formatting (#726)
• 2975ece docs: fix extra backtick typo (#719)
• eb1380b chore: release 7.6.2 (#714)
• 6466ba9 fix(lru): use map.delete() directly (#713)
• d777418 chore: release 7.6.1 (#706)
• 988a8de deps: uninstall lru-cache (#709)
• 5feeb7f chore: postinstall for dependabot template-oss PR
• dd09b60 chore: bump @​npmcli/template-oss to 4.22.0
• c570a34 fix(linting): no-unused-vars
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates react-scripts from 3.0.1 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.4

or

yarn add --exact react-scripts@3.4.4

3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.3

or

yarn add --exact react-scripts@3.4.3

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.1 to 3.4.2

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.2

or

... (truncated)

Commits

• 19fa58d Publish
• 9802941 fix: webpack noise printed only if error or warning (#12245)
• 2eef1d0 Update templates to use React 18 createRoot (#12220)
• 221e511 Publish
• 5614c87 Add support for Tailwind (#11717)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• c7627ce Update webpack and dev server (#11646)
• 544befe Update package.json (#11597)
• Additional commits viewable in compare view

Updates @babel/traverse from 7.4.5 to 7.26.5

Release notes

Sourced from @​babel/traverse's releases.

v7.26.5 (2025-01-10)

👓 Spec Compliance

• babel-parser
  • #17011 Allow the dynamic import.defer() form of import defer (@​babel-bot)

🐛 Bug Fix

• babel-plugin-transform-block-scoped-functions
  • #17024 chore: Avoid calling isInStrictMode in Babel 7 (@​liuxingbaoyu)
• babel-plugin-transform-typescript
  • #17026 fix: Correctly generate exported const enums in namespace (@​liuxingbaoyu)
• babel-parser
  • #17045 [estree] Unify method type parameters handling (@​JLHwung)
  • #17013 fix: Correctly set position for @(a.b)() (@​liuxingbaoyu)
  • #16996 [estree] Adjust the start loc of class methods with type params (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types
  • #17028 Support flow jsx opening element type arguments (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17031 fix: More accurate transform-typeof-symbol compat data (@​liuxingbaoyu)
• babel-generator, babel-parser, babel-types
  • #17019 Fix incomplete visitor keys (@​JLHwung)

🔬 Output optimization

• babel-plugin-transform-nullish-coalescing-operator
  • #16612 Improve nullish coalescing operator output (@​liuxingbaoyu)

Committers: 5

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• fisker Cheung (@​fisker)

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.26.5 (2025-01-10)

👓 Spec Compliance

• babel-parser
  • #17011 Allow the dynamic import.defer() form of import defer (@​babel-bot)

🐛 Bug Fix

• babel-plugin-transform-block-scoped-functions
  • #17024 chore: Avoid calling isInStrictMode in Babel 7 (@​liuxingbaoyu)
• babel-plugin-transform-typescript
  • #17026 fix: Correctly generate exported const enums in namespace (@​liuxingbaoyu)
• babel-parser
  • #17045 [estree] Unify method type parameters handling (@​JLHwung)
  • #17013 fix: Correctly set position for @(a.b)() (@​liuxingbaoyu)
  • #16996 [estree] Adjust the start loc of class methods with type params (@​nicolo-ribaudo)
• babel-generator, babel-parser, babel-plugin-transform-flow-strip-types, babel-types
  • #17028 Support flow jsx opening element type arguments (@​JLHwung)
• babel-compat-data, babel-preset-env
  • #17031 fix: More accurate transform-typeof-symbol compat data (@​liuxingbaoyu)
• babel-generator, babel-parser, babel-types
  • #17019 Fix incomplete visitor keys (@​JLHwung)

🔬 Output optimization

• babel-plugin-transform-nullish-coalescing-operator
  • #16612 Improve nullish coalescing operator output (@​liuxingbaoyu)

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

v7.26.2 (2024-10-30)

... (truncated)

Commits

• 74181cf v7.26.5
• d35794e [Babel 8] Create TSEnumBody for TSEnumDeclaration (#16979)
• cd24cc0 chore: Update TS 5.7 (#17053)
• cf7b9cd v7.26.4
• f33704a Revert "perf: Improve scope information collection performance" (#17005)
• 36ca8fa v7.26.3
• ded1571 perf: Improve scope information collection performance (#16923)
• 943bdfe perf: Avoid repeated traversal when creating scope (#16964)
• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• Additional commits viewable in compare view

Updates @firebase/util from 0.2.20 to 1.9.4

Changelog

Sourced from @​firebase/util's changelog.

1.9.4

Patch Changes

• 434f8418c #7963 (fixes #7962) - Fix isSafari() throwing on React Native

1.9.3

Patch Changes

• c59f537b1 #7019 - Modify base64 decoding logic to throw on invalid input, rather than silently truncating it.

1.9.2

Patch Changes

• d071bd1ac #7007 (fixes #7005) - Move exports.default fields to always be the last field. This fixes a bug caused in 9.17.0 that prevented some bundlers and frameworks from building.

1.9.1

Patch Changes

• 0bab0b7a7 #6981 - Added browser CJS entry points (expected by Jest when using JSDOM mode).

1.9.0

Minor Changes

• 06dc1364d #6901 - Allow users to specify their environment as node or browser to override Firebase's runtime environment detection and force the SDK to act as if it were in the respective environment.

Patch Changes

• d4114a4f7 #6874 (fixes #6838) - Reformat a comment that causes compile errors in some build toolchains.

1.8.0

Minor Changes

• 1625f7a95 #6799 - Update TypeScript version to 4.7.4.

Patch Changes

• c20633ed3 #6841 - Fix for third party window content that cannot access IndexedDB if the browser is set to never accept third party cookies on Firefox.

1.7.3

Patch Changes

• 4af28c1a4 #6682 - Upgrade TypeScript to 4.7.4.

... (truncated)

Commits

• 9fa0e9f Version Packages (#7995)
• 434f841 Fix isSafari() throwing on React Native (fixes #7962) (#7963)
• ebc694a Comment changes for OSS (#7778)
• 2be12d7 [CI] update chrome install steps for Auth builds. (#7602)
• 2e7e548 Version Packages (#7069)
• c59f537 Improve decodeBase64() to throw on invalid input rather than silently accept ...
• 3d605f8 Version Packages (#7008)
• d071bd1 Fix exports fields (#7007)
• 3323f68 Version Packages (#6995)
• 0bab0b7 Add CJS browser entry points for all packages (#6981)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for @​firebase/util since your current version.

Updates ansi-regex from 2.1.1 to 5.0.1

Release notes

Sourced from ansi-regex's releases.

v5.0.1

Fixes (backport of 6.0.1 to v5)

This is a backport of the minor ReDos vulnerability in ansi-regex@<6.0.1, as requested in #38.

• Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1

Thank you @​yetingli for the patch and reproduction case!

v5.0.0

Breaking

• Require Node.js 8 166a0d5

Enhancements

• Add TypeScript definition (#32) e77ea17

chalk/ansi-regex@v4.1.0...v5.0.0

v4.1.0

• Support more escape code like links (#29) 96200bb

chalk/ansi-regex@v4.0.0...v4.1.0

Commits

• a9babce 5.0.1
• 4657833 fix incorrect format
• c3c0b3f Fix potential ReDoS (#37)
• 178363b Move to GitHub Actions (#35)
• 0755e66 Add @​Qix- to funding.yml
• 2b56fb0 5.0.0
• f26f7fe Meta tweaks
• e77ea17 Add TypeScript definition (#32)
• 166a0d5 Require Node.js 8
• f115fca Tidelift tasks
• Additional commits viewable in compare view

Updates ajv from 6.10.0 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

Commits

• fe59143 6.12.6
• d580d3e Merge pull request #1298 from ajv-validator/fix-url
• fd36389 fix: regular expression for "url" format
• 490e34c docs: link to v7-beta branch
• 9cd93a1 docs: note about v7 in readme
• 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
• f1c8e45 6.12.5
• 764035e Merge branch 'ChALkeR-chalker/fix-comma'
• 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
• a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
• Additional commits viewable in compare view

Updates ansi-html from 0.0.7 to 0.0.9

Commits

• See full diff in compare view

Updates body-parser from 1.19.0 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3

... (truncated)

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

... (truncated)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates qs from 6.5.2 to 6.13.0

Changelog

Sourced from qs's changelog.

6.13.0

• [New] parse: add strictDepth option (#511)
• [Tests] use npm audit instead of aud

6.12.3

• [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
• [meta] fix changelog indentation

6.12.2

• [Fix] parse: parse encoded square brackets (#506)
• [readme] add CII best practices badge

6.12.1

• [Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)
• [Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)
• [Refactor] utils: use +=
• [Tests] increase coverage

6.12.0

• [New] parse/stringify: add decodeDotInKeys/encodeDotKeys options (#488)
• [New] parse: add duplicates option
• [New] parse/stringify: add allowEmptyArrays option to allow [] in object values (#487)
• [Refactor] parse/stringify: move allowDots config logic to its own variable
• [Refactor] stringify: move option-handling code into normalizeStringifyOptions
• [readme] update readme, add logos (#484)
• [readme] stringify: clarify default arrayFormat behavior
• [readme] fix line wrapping
• [readme] remove dead badges
• [Deps] update side-channel
• [meta] make the dist build 50% smaller
• [meta] add sideEffects flag
• [meta] run build in prepack, not prepublish
• [Tests] parse: remove useless tests; add coverage
• [Tests] stringify: increase coverage
• [Tests] use mock-property
• [Tests] stringify: improve coverage
• [Dev Deps] update @ljharb/eslint-config , aud, has-override-mistake, has-property-descriptors, mock-property, npmignore, object-inspect, tape
• [Dev Deps] pin glob, since v10.3.8+ requires a broken jackspeak
• [Dev Deps] pin jackspeak since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6

6.11.2

• [Fix] parse: Fix parsing when the global Object prototype is frozen (#473)
• [Tests] add passing test cases with empty keys (#473)

6.11.1

• [Fix] stringify: encode comma values more consistently (#463)
• [readme] add usage of filter option for injecting custom serialization, i.e. of custom types (#447)
• [meta] remove extraneous code backticks (#457)
• [meta] fix changelog markdown

... (truncated)

Commits