Bump lodash, eslint, gulp, gulp-eslint, karma and karma-webpack

[dependabot]

Bumps lodash to 4.17.21 and updates ancestor dependencies lodash, eslint, gulp, gulp-eslint, karma and karma-webpack. These dependencies need to be updated together.

Updates lodash from 4.17.11 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates eslint from 1.10.3 to 8.38.0

Release notes

Sourced from eslint's releases.

v8.38.0

Features

• a1d561d feat: Move getDeclaredVariables and getAncestors to SourceCode (#17059) (Nicholas C. Zakas)

Bug Fixes

• 1c1ece2 fix: do not report on RegExp(...args) in require-unicode-regexp (#17037) (Francesco Trotta)

Documentation

• 7162d34 docs: Mention new config system is complete (#17068) (Nicholas C. Zakas)
• 0fd6bb2 docs: Update README (GitHub Actions Bot)
• c83531c docs: Update/remove external links, eg. point to eslint-community (#17061) (Pelle Wessman)
• a3aa6f5 docs: Clarify no-div-regex rule docs (#17051) (Francesco Trotta)
• b0f11cf docs: Update README (GitHub Actions Bot)
• da8d52a docs: Update the second object instance for the "no-new" rule (#17020) (Ahmadou Waly NDIAYE)
• 518130a docs: switch language based on current path (#16687) (Percy Ma)
• 24206c4 docs: Update README (GitHub Actions Bot)

Chores

• 59ed060 chore: upgrade @​eslint/js@​8.38.0 (#17069) (Milos Djermanovic)
• 88c0898 chore: package.json update for @​eslint/js release (ESLint Jenkins)
• cf682d2 refactor: simplify new-parens rule schema (#17060) (MHO)
• 0dde022 ci: bump actions/add-to-project from 0.4.1 to 0.5.0 (#17055) (dependabot[bot])

v8.37.0

Features

• b6ab8b2 feat: require-unicode-regexp add suggestions (#17007) (Josh Goldberg)
• 10022b1 feat: Copy getScope() to SourceCode (#17004) (Nicholas C. Zakas)
• 1665c02 feat: Use plugin metadata for flat config serialization (#16992) (Nicholas C. Zakas)
• b3634f6 feat: docs license (#17010) (Samuel Roldan)
• 892e6e5 feat: languageOptions.parser must be an object. (#16985) (Nicholas C. Zakas)

Bug Fixes

• 619f3fd fix: correctly handle null default config in RuleTester (#17023) (Brad Zacher)
• 1fbf118 fix: getFirstToken/getLastToken on comment-only node (#16889) (Francesco Trotta)
• 129e252 fix: Fix typo in logical-assignment-operators rule description (#17000) (Francesco Trotta)

Documentation

• 75339df docs: fix typos and missing info in id-match docs (#17029) (Ed Lucas)
• ec2d830 docs: Fix typos in the semi rule docs (#17012) (Andrii Lundiak)
• e39f28d docs: add back to top button (#16979) (Tanuj Kanti)
• 721c717 docs: Custom Processors cleanup and expansion (#16838) (Ben Perlmutter)
• d049f97 docs: 'How ESLint is Maintained' page (#16961) (Ben Perlmutter)
• 5251a92 docs: Describe guard options for guard-for-in (#16986) (alope107)
• 6157d81 docs: Add example to guard-for-in docs. (#16983) (alope107)
• fd47998 docs: update Array.prototype.toSorted specification link (#16982) (Milos Djermanovic)
• 3e1cf6b docs: Copy edits on Maintain ESLint docs (#16939) (Ben Perlmutter)

Chores

• c67f299 chore: upgrade @​eslint/js@​8.37.0 (#17033) (Milos Djermanovic)
• ee9ddbd chore: package.json update for @​eslint/js release (ESLint Jenkins)

... (truncated)

Changelog

Sourced from eslint's changelog.

v8.38.0 - April 7, 2023

• 59ed060 chore: upgrade @​eslint/js@​8.38.0 (#17069) (Milos Djermanovic)
• 88c0898 chore: package.json update for @​eslint/js release (ESLint Jenkins)
• 7162d34 docs: Mention new config system is complete (#17068) (Nicholas C. Zakas)
• a1d561d feat: Move getDeclaredVariables and getAncestors to SourceCode (#17059) (Nicholas C. Zakas)
• 0fd6bb2 docs: Update README (GitHub Actions Bot)
• c83531c docs: Update/remove external links, eg. point to eslint-community (#17061) (Pelle Wessman)
• cf682d2 refactor: simplify new-parens rule schema (#17060) (MHO)
• a3aa6f5 docs: Clarify no-div-regex rule docs (#17051) (Francesco Trotta)
• 0dde022 ci: bump actions/add-to-project from 0.4.1 to 0.5.0 (#17055) (dependabot[bot])
• b0f11cf docs: Update README (GitHub Actions Bot)
• da8d52a docs: Update the second object instance for the "no-new" rule (#17020) (Ahmadou Waly NDIAYE)
• 518130a docs: switch language based on current path (#16687) (Percy Ma)
• 24206c4 docs: Update README (GitHub Actions Bot)
• 1c1ece2 fix: do not report on RegExp(...args) in require-unicode-regexp (#17037) (Francesco Trotta)

v8.37.0 - March 28, 2023

• c67f299 chore: upgrade @​eslint/js@​8.37.0 (#17033) (Milos Djermanovic)
• ee9ddbd chore: package.json update for @​eslint/js release (ESLint Jenkins)
• dddb475 chore: upgrade @​eslint/eslintrc@​2.0.2 (#17032) (Milos Djermanovic)
• 522431e chore: upgrade espree@9.5.1 (#17031) (Milos Djermanovic)
• f5f9a88 chore: upgrade eslint-visitor-keys@3.4.0 (#17030) (Milos Djermanovic)
• 75339df docs: fix typos and missing info in id-match docs (#17029) (Ed Lucas)
• b6ab8b2 feat: require-unicode-regexp add suggestions (#17007) (Josh Goldberg)
• 4dd8d52 ci: bump actions/stale from 7 to 8 (#17026) (dependabot[bot])
• 619f3fd fix: correctly handle null default config in RuleTester (#17023) (Brad Zacher)
• ec2d830 docs: Fix typos in the semi rule docs (#17012) (Andrii Lundiak)
• e39f28d docs: add back to top button (#16979) (Tanuj Kanti)
• ad9dd6a chore: remove duplicate scss, (#17005) (Strek)
• 10022b1 feat: Copy getScope() to SourceCode (#17004) (Nicholas C. Zakas)
• 1665c02 feat: Use plugin metadata for flat config serialization (#16992) (Nicholas C. Zakas)
• b3634f6 feat: docs license (#17010) (Samuel Roldan)
• 721c717 docs: Custom Processors cleanup and expansion (#16838) (Ben Perlmutter)
• 1fbf118 fix: getFirstToken/getLastToken on comment-only node (#16889) (Francesco Trotta)
• 129e252 fix: Fix typo in logical-assignment-operators rule description (#17000) (Francesco Trotta)
• 892e6e5 feat: languageOptions.parser must be an object. (#16985) (Nicholas C. Zakas)
• ada6a3e ci: unpin Node 19 (#16993) (Milos Djermanovic)
• c3da975 chore: Remove triage label from template (#16990) (Nicholas C. Zakas)
• d049f97 docs: 'How ESLint is Maintained' page (#16961) (Ben Perlmutter)
• 5251a92 docs: Describe guard options for guard-for-in (#16986) (alope107)
• 69bc0e2 ci: pin Node 19 to 19.7.0 (#16987) (Milos Djermanovic)
• 6157d81 docs: Add example to guard-for-in docs. (#16983) (alope107)
• fd47998 docs: update Array.prototype.toSorted specification link (#16982) (Milos Djermanovic)
• 3e1cf6b docs: Copy edits on Maintain ESLint docs (#16939) (Ben Perlmutter)

v8.36.0 - March 10, 2023

• 602b111 chore: upgrade @​eslint/js@​8.36.0 (#16978) (Milos Djermanovic)

... (truncated)

Commits

• 198e5fc 8.38.0
• 7897c3b Build: changelog update for 8.38.0
• 59ed060 chore: upgrade @​eslint/js@​8.38.0 (#17069)
• 88c0898 chore: package.json update for @​eslint/js release
• 7162d34 docs: Mention new config system is complete (#17068)
• a1d561d feat: Move getDeclaredVariables and getAncestors to SourceCode (#17059)
• 0fd6bb2 docs: Update README
• c83531c docs: Update/remove external links, eg. point to eslint-community (#17061)
• cf682d2 refactor: simplify new-parens rule schema (#17060)
• a3aa6f5 docs: Clarify no-div-regex rule docs (#17051)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by eslintbot, a new releaser for eslint since your current version.

Updates gulp from 3.9.1 to 4.0.2

Release notes

Sourced from gulp's releases.

v4.0.2

Fix

• Bind src/dest/symlink to the gulp instance to support esm exports (5667666) - Ref standard-things/esm#797

Docs

• Add notes about esm support (4091bd3) - Closes #2278
• Fix the Negative Globs section & examples (3c66d95) - Closes #2297
• Remove next tag from recipes (1693a11) - Closes #2277
• Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
• Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
• Fix typo in Explaining Globs (5d81f42) - Closes #2326

Build

• Add node 12 to Travis & Azure (b4b5a68)

v4.0.1

Fix

• Temporary workaround for facebook/Docusaurus#257 (9f4a2e9) - Closes facebook/Docusaurus#257

Docs

• Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
• Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
• Improve recipe for empty glob array (45830cf) - Closes #2122
• Reword standard to default (b065a13)
• Fix recipe typo (86acdea) - Closes #2156
• Add front-matter to each file (d693e49) - Closes #2109
• Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
• Add "Creating Tasks" documentation (21b6962)
• Add "JavaScript and Gulpfiles" documentation (31adf07)
• Add "Working with Files" documentation (50fafc6)
• Add "Async Completion" documentation (ad8b568)
• Add "Explaining Globs" documentation (f8cafa0)
• Add "Using Plugins" documentation (233c3f9)
• Add "Watching Files" documentation (f3f2d9f)
• Add Table of Contents to "Getting Started" directory (a43caf2)
• Improve & fix parts of Getting Started (84b0234)
• Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
• Redirect users to new Getting Started guides (53e9727)
• Temporarily reference gulp@next in Quick Start (2cecf1e)
• Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
• Use h2 headers within Quick Start documentation (921312c) - Closes #2241
• Fix for nested directories references (4c2b9a7)
• Add some more cleanup for Docusaurus (6a8fd8f)
• Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
• API documentation improvements based on feedback (0a68710)

... (truncated)

Changelog

Sourced from gulp's changelog.

gulp changelog

4.0.0

Task system changes

• replaced 3.x task system (orchestrator) with new task system (bach)
  • removed gulp.reset
  • removed 3 argument syntax for gulp.task
  • gulp.task should only be used when you will call the task with the CLI
  • added gulp.series and gulp.parallel methods for composing tasks. Everything must use these now.
  • added single argument syntax for gulp.task which allows a named function to be used as the name of the task and task function.
  • added gulp.tree method for retrieving the task tree. Pass { deep: true } for an archy compatible node list.
  • added gulp.registry for setting custom registries.

CLI changes

• split CLI out into a module if you want to save bandwidth/disk space. you can install the gulp CLI using either npm install gulp -g or npm install gulp-cli -g, where gulp-cli is the smaller one (no module code included)
• add --tasks-json flag to CLI to dump the whole tree out for other tools to consume
• added --verify flag to check the dependencies in package.json against the plugin blacklist.

vinyl/vinyl-fs changes

• added gulp.symlink which functions exactly like gulp.dest, but symlinks instead.
• added dirMode param to gulp.dest and gulp.symlink which allows better control over the mode of the destination folder that is created.
• globs passed to gulp.src will be evaluated in order, which means this is possible gulp.src(['*.js', '!b*.js', 'bad.js']) (exclude every JS file that starts with a b except bad.js)
• performance for gulp.src has improved massively
  • gulp.src(['**/*', '!b.js']) will no longer eat CPU since negations happen during walking now
• added since option to gulp.src which lets you only match files that have been modified since a certain date (for incremental builds)
• fixed gulp.src not following symlinks
• added overwrite option to gulp.dest which allows you to enable or disable overwriting of existing files

Commits

• 069350a Release: 4.0.2
• b4b5a68 Build: Add node 12 to Travis & Azure
• 5667666 Fix: Bind src/dest/symlink to the gulp instance to support esm exports (ref s...
• 4091bd3 Docs: Add notes about esm support (closes #2278)
• 3c66d95 Docs: Fix the Negative Globs section & examples (closes #2297)
• 1693a11 Docs: Remove next tag from recipes (closes #2277)
• d916276 Docs: Add default task wrappers to Watching Files examples to make runnable (...
• ea52a92 Docs: Fix syntax error in lastRun API docs (closes #2315)
• 5d81f42 Docs: Fix typo in Explaining Globs (#2326)
• ea3bba4 Release: 4.0.1
• Additional commits viewable in compare view

Updates gulp-eslint from 1.1.1 to 6.0.0

Release notes

Sourced from gulp-eslint's releases.

v6.0.0

• Upgrade to ESLint 6 (#235) a35a203

adametry/gulp-eslint@v5.0.0...v6.0.0

Changelog

Sourced from gulp-eslint's changelog.

6.0.0

• Bump eslint dependency to ^6.0.0 https://eslint.org/blog/2019/06/eslint-v6.0.0-released
• Drop support for Node 6 and 7

5.0.0

• Bump eslint dependency to ^5.0.0 https://eslint.org/blog/2018/06/eslint-v5.0.0-released
• Use destructuring assignment to simplify the code

4.0.2

• Update plugin-error to ^1.0.0

4.0.1

• Make fix option work even if quiet option is also enabled
• Remove deprecated gulp-util dependency and use individual modules instead

4.0.0

• Drop support for linting Stream contents
  • Because almost all, at least widely used tools to handle JavaScript files don't support Streams. They only support either String or Buffer.
• Use Buffer.from(<string>) instead of the deprecated new Buffer(<string>)
  • Note that Buffer.from is only available on Node.js >= 4.5.0.
• Bump eslint dependency to ^4.0.0
• Emit a PluginError when it fails to load an ESLint plugin

3.0.1

• Remove unnecessary object-assign dependency

3.0.0

• Bump eslint dependency to ^3.0.0 https://eslint.org/blog/2016/07/eslint-v3.0.0-released
• Use ES2015 syntax
• Remove these deprecated option aliases:
  • global
  • env
  • config
  • rulesdir
  • eslintrc
• Drop support for non-array globals option

2.1.0

• Remove now obsolete error handling for formatter loading
  • It's gracefully done in ESLint >=v2.10.0. eslint/eslint#5978

2.0.0

... (truncated)

Commits

• 5dd78fa 6.0.0
• a35a203 Upgrade to ESLint 6 (#235)
• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (#224)
• a58a58d 4.0.2
• 0880d1a update plugin-error and mocha
• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (#213)
• Additional commits viewable in compare view

Updates karma from 1.7.1 to 6.4.1

Release notes

Sourced from karma's releases.

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.18

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

v6.3.17

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

v6.3.16

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

... (truncated)

Commits

• 0013121 chore(release): 6.4.1 [skip ci]
• 63d86be fix: pass integrity value
• 84f7cc3 chore(release): 6.4.0 [skip ci]
• f2d0663 docs: add integrity parameter
• dc51a2e feat: support SRI verification of link tags
• 6a54b1c feat: support SRI verification of script tags
• 5e71cf5 chore(release): 6.3.20 [skip ci]
• e17698f fix: prefer IPv4 addresses when resolving domains
• 60f4f79 build: add Node 16 and 18 to the CI matrix
• 6ff5aaf chore(release): 6.3.19 [skip ci]
• Additional commits viewable in compare view

Updates karma-webpack from 1.8.1 to 5.0.0

Release notes

Sourced from karma-webpack's releases.

v5.0.0

No release notes provided.

v5.0.0-alpha.6

Bug Fixes

• automatically fix missing webpack framework and report a warning (ea5dc8e)
• fix an issue where multiple karma-webpack processes could not run in parallel (ea3dabe)
• bump hotfix dependencies (98b3ec9)

v5.0.0-alpha.5

Bug Fixes

• change the webpack peer dependency to webpack v5 (2e0ca74)

v5.0.0-alpha.4

Bug Fixes

• fix compatibility issues for webpack v5 (8d7366f), closes #452
• remove deprecation warning for .watch() (4fe1f60)

v4.0.2

4.0.2 (2019-06-08)

Bug Fixes

• don't error when webpackMiddleware config not provided' (#418) (7570912)

v4.0.1

4.0.1 (2019-06-07)

Bug Fixes

• package: point to dist instead of lib (#417) (c0a0d47)

v4.0.0

4.0.0 (2019-06-07)

Bug Fixes

• karma-webpack: Regression in multi-compiler mode (#390) (#391) (63cfd78)

chore

• default: update (#412) (74e526f)

... (truncated)

Changelog

Sourced from karma-webpack's changelog.

5.0.0 (2021-02-02)

No changes, just a new stable release.

5.0.0-alpha.6 (2021-01-30)

Bug Fixes

• automatically fix missing webpack framework and report a warning (ea5dc8e)
• fix an issue where multiple karma-webpack processes could not run in parallel (ea3dabe)
• bump hotfix dependencies (98b3ec9)

5.0.0-alpha.5 (2020-12-06)

Bug Fixes

• change the webpack peer dependency to webpack v5 (2e0ca74)

5.0.0-alpha.4 (2020-12-06)

Bug Fixes

• fix compatibility issues for webpack v5 (8d7366f), closes #452
• remove deprecation warning for .watch() (4fe1f60)

5.0.0-alpha.3.0 (2019-03-07)

Bug Fixes

• allow for same filenames to be added (#401) (80ce2d8), closes #400

5.0.0-alpha.2 (2019-02-13)

Bug Fixes

• karma-webpack: normalize paths to be compatible with windows (b783e1c)

5.0.0-alpha.1 (2019-01-01)

... (truncated)

Commits

• e2423b4 chore: release v5.0.0
• 46a5505 Merge branch 'master' into next
• 71fc63a fix(config): ignore entry options (#479)
• 05cfa79 fix(docs): fixed warning inaccuracy (#478)
• 1598fa6 fix(config): force default output.filename (#477)
• d603679 change(readme): made minor adjustments (#476)
• 5300200 refactor(*): break up into individual modules (#474)
• 8ad09d1 fix(test): handle scenario test rejection (#473)
• da86766 chore(release): 5.0.0-alpha.6
• 98b3ec9 chore(deps): bump hotfix dependencies (#472)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ryanclark, a new releaser for karma-webpack since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.