Bump the npm_and_yarn group across 1 directory with 11 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the / directory:

Package	From	To
lodash	4.17.4	4.17.21
express	4.14.1	4.19.2
minimist	1.2.0	1.2.6
webpack-dev-middleware	1.10.0	5.3.4
browserify-sign	4.0.0	4.2.3
es5-ext	0.10.12	0.10.64
fsevents	1.0.15	1.2.13
handlebars	4.0.6	4.7.8
is-my-json-valid	2.15.0	2.20.6
lodash-es	4.17.2	4.17.21

Updates lodash from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates express from 4.14.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates minimist from 1.2.0 to 1.2.6

Changelog

Sourced from minimist's changelog.

v1.2.6 - 2022-03-21

Commits

• test from prototype pollution PR bc8ecee
• isConstructorOrProto adapted from PR c2b9819
• security notice for additional prototype pollution issue ef88b93

v1.2.5 - 2020-03-12

v1.2.4 - 2020-03-11

Commits

• security notice 4cf1354
• additional test for constructor prototype pollution 1043d21

v1.2.3 - 2020-03-10

Commits

• more failing proto pollution tests 13c01a5
• even more aggressive checks for protocol pollution 38a4d1c

v1.2.2 - 2020-03-10

Commits

• failing test for protocol pollution 0efed03
• cleanup 67d3722
• console.dir -> console.log 47acf72
• don't assign onto proto 63e7ed0

v1.2.1 - 2020-03-10

Merged

• move the opts['--'] example back where it belongs [#63](https://github.com/minimistjs/minimist/issues/63)

Commits

• add test 6be5dae
• fix bad boolean regexp ac3fc79

Commits

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• aeb3e27 1.2.5
• 278677b 1.2.4
• 4cf1354 security notice
• 1043d21 additional test for constructor prototype pollution
• 6457d74 1.2.3
• 38a4d1c even more aggressive checks for protocol pollution
• Additional commits viewable in compare view

Updates webpack-dev-middleware from 1.10.0 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

v5.3.3

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

v5.3.2

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)
• compatibility with Node.js 18

v5.3.1

5.3.1 (2022-02-01)

Bug Fixes

• types (#1187) (0f82e1d)

v5.3.0

5.3.0 (2021-12-16)

Features

• added types (a2fa77f)
• removed cjs wrapper (#1146) (b6d53d3)

v5.2.2

5.2.2 (2021-11-17)

Chore

• update schema-utils package to 4.0.0 version

... (truncated)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

5.3.3 (2022-05-18)

Bug Fixes

• types for Request and Response (#1271) (eeb8aa8)

5.3.2 (2022-05-17)

Bug Fixes

• node types (#1195) (d68ab36)

5.3.1 (2022-02-01)

Bug Fixes

• types (#1187) (0f82e1d)

5.3.0 (2021-12-16)

Features

• added types (a2fa77f)
• removed cjs wrapper (#1146) (b6d53d3)

5.2.2 (2021-11-17)

Chore

• update schema-utils package to 4.0.0 version

5.2.1 (2021-09-25)

• internal release, no visible changes and features

5.2.0 (2021-09-24)

... (truncated)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• f3c62b8 chore(release): 5.3.3
• eeb8aa8 fix: types for Request and Response (#1271)
• 1a45388 chore(release): 5.3.2
• b8fb945 chore(deps): memfs force update (#1269)
• f88067d chore: update deps and ci (#1260)
• 7186318 chore(deps-dev): bump @​commitlint/cli
• 57c50ef ci: update checkout, setup-node, and codecov actions (#1267)
• 840146a chore(deps-dev): bump @​babel/preset-env
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for webpack-dev-middleware since your current version.

Updates browserify-sign from 4.0.0 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

• bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

• switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates es5-ext from 0.10.12 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates fsevents from 1.0.15 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

• Added node v10 for pre-built binaries
• C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

• BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
  • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
• Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
• Compatibility updates for nan v2.9.0

v1.1.3

• Added node v9 for pre-built binaries
• Fixed bug related to using --no-bin-links option on install
• Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

• Added Node.js v8 to the prebuild binary assets.
• Stopped prebuilding for io.js (can still be built locally)
• Updated node-pre-gyp to latest version (0.6.36)

v1.1.1

... (truncated)

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Updates handlebars from 4.0.6 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates is-my-json-valid from 2.15.0 to 2.20.6

Commits

• 58d30cb 2.20.6
• f76edf0 Merge pull request #188 from axelniklasson/master
• 4eef089 Upgrade jsonpointer to address security vulnerability
• 441f812 2.20.5
• d36a1b1 Merge pull request #182 from ChALkeR/chalker/fix-comma
• b6ea484 Fix uri prefix detection
• 5389c5b Merge pull request #181 from ChALkeR/chalker/fix-undef
• df5b313 add funding file
• c224619 Fix 'required' implementation
• 2534af4 2.20.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by linusu, a new releaser for is-my-json-valid since your current version.

Updates lodash-es from 4.17.2 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash-es since your current version.

Updates qs from 6.2.0 to 6.3.0

Changelog

Sourced from qs's changelog.

6.3.0

• [New] Add support for RFC 1738 (#174, #173)
• [New] stringify: Add serializeDate option to customize Date serialization (#159)
• [Fix] ensure utils.merge handles merging two arrays
• [Refactor] only constructors should be capitalized
• [Refactor] capitalized var names are for constructors only
• [Refactor] avoid using a sparse array
• [Robustness] formats: cache String#replace
• [Dev Deps] update browserify, eslint, @ljharb/eslint-config; add safe-publish-latest
• [Tests] up to node v6.8, v4.6; improve test matrix
• [Tests] flesh out arrayLimit/arrayFormat tests (#107)
• [Tests] skip Object.create tests when null objects are not available
• [Tests] Turn on eslint for test files (#175)

6.2.4

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [Refactor] use cached Array.isArray
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] use safer-buffer instead of Buffer constructor
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

6.2.3

• [Fix] follow allowPrototypes option during merge (#201, #200)
• [Fix] chmod a-x
• [Fix] support keys starting with brackets (#202, #200)
• [Tests] up to node v7.7, v6.10, v4.8; disable osx builds since they block linux builds

6.2.2

• [Fix] ensure that allowPrototypes: false does not ever shadow Object.prototype properties

6.2.1

• [Fix] ensure key[]=x&key[]&key[]=y results in 3, not 2, values
• [Refactor] Be explicit and use Object.prototype.hasOwnProperty.call
• [Tests] remove parallelshell since it does not reliably report failures
• [Tests] up to node v6.3, v5.12
• [Dev Deps] update tape, eslint, @ljharb/eslint-config, qs-iconv

Commits

• 8aa9c26 v6.3.0
• d4fb8e2 [Tests] Turn on eslint for test files
• 387afd7 [Robustness] formats: cache String#replace
• 35a6f09 [Tests] up to node v6.8, v4.6
• 2eb3227 [Dev Deps] update eslint, safe-publish-latest
• 3dc76ca Add support for RFC 1738
• 69c9901 [Dev Deps] update eslint, tape
• ea3e19d [Dev Deps] update eslint
• a9e4cfd [Dev Deps] update safe-publish-latest
• 5b71a70 [Tests] on node v6.5; improve test matrix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

[//]: # (dependabot-automerge-start...

Description has been truncated

[dependabot]

Superseded by #46.