Bump the npm_and_yarn group across 1 directory with 10 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
@intlify/core	9.14.0	9.14.2
@intlify/core-base	9.14.0	9.14.2
vue-i18n	9.14.0	9.14.2
nanoid	3.3.7	3.3.8
cross-spawn	7.0.3	7.0.6
micromatch	4.0.7	4.0.8
path-to-regexp	6.2.2	6.3.0
send	0.18.0	0.19.0
serve-static	1.15.0	1.16.2

Updates @intlify/core from 9.14.0 to 9.14.2

Release notes

Sourced from @​intlify/core's releases.

v9.14.2

What's Changed

🔒 Security Fixes

• fix: XSS vulnerability with prototype pollution on AST: GHSA-9r9m-ffp6-9x4v
• fix: prototype pollusion on deepCopy: GHSA-hjwq-mjwj-4x6c

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

• fix: messages deepCopy mutates src arguments by @​BobbieGoede in intlify/vue-i18n#1975

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

• 5448139 release: v9.14.2
• af67265 release: v9.14.1
• See full diff in compare view

Updates @intlify/core-base from 9.14.0 to 9.14.2

Release notes

Sourced from @​intlify/core-base's releases.

v9.14.2

What's Changed

🔒 Security Fixes

• fix: XSS vulnerability with prototype pollution on AST: GHSA-9r9m-ffp6-9x4v
• fix: prototype pollusion on deepCopy: GHSA-hjwq-mjwj-4x6c

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

• fix: messages deepCopy mutates src arguments by @​BobbieGoede in intlify/vue-i18n#1975

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

• 5448139 release: v9.14.2
• af67265 release: v9.14.1
• See full diff in compare view

Updates vue-i18n from 9.14.0 to 9.14.2

Release notes

Sourced from vue-i18n's releases.

v9.14.2

What's Changed

🔒 Security Fixes

• fix: XSS vulnerability with prototype pollution on AST: GHSA-9r9m-ffp6-9x4v
• fix: prototype pollusion on deepCopy: GHSA-hjwq-mjwj-4x6c

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

• fix: messages deepCopy mutates src arguments by @​BobbieGoede in intlify/vue-i18n#1975

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

• 5448139 release: v9.14.2
• af67265 release: v9.14.1
• See full diff in compare view

Updates @intlify/shared from 9.14.0 to 9.14.2

Release notes

Sourced from @​intlify/shared's releases.

v9.14.2

What's Changed

🔒 Security Fixes

• fix: XSS vulnerability with prototype pollution on AST: GHSA-9r9m-ffp6-9x4v
• fix: prototype pollusion on deepCopy: GHSA-hjwq-mjwj-4x6c

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

• fix: messages deepCopy mutates src arguments by @​BobbieGoede in intlify/vue-i18n#1975

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

• 5448139 release: v9.14.2
• aabee0d Merge commit from fork
• af67265 release: v9.14.1
• 3eb9d52 fix: messages deepCopy mutates src arguments (#1947) (#1975)
• See full diff in compare view

Updates nanoid from 3.3.7 to 3.3.8

Changelog

Sourced from nanoid's changelog.

3.3.8

• Fixed a way to break Nano ID by passing non-integer size (by @​myndzi).

Commits

• 3044cd5 Release 3.3.8 version
• 4fe3495 Update size limit
• d643045 Fix pool pollution, infinite loop (#510)
• See full diff in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates micromatch from 4.0.7 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates path-to-regexp from 6.2.2 to 6.3.0

Release notes

Sourced from path-to-regexp's releases.

Fix backtracking in 6.x

Fixed

• Add backtrack protection to 6.x (#324) f1253b4

pillarjs/path-to-regexp@v6.2.2...v6.3.0

Commits

• 75a92c3 6.3.0
• f1253b4 Add backtrack protection to 6.x (#324)
• See full diff in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

• encodeurl@~2.0.0 by @​wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

• bump send to 0.19 by @​tommasini in expressjs/serve-static#176

New Contributors

• @​tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

v1.16.2

What's Changed

• encodeurl@~2.0.0 by @​wesleytodd in expressjs/serve-static#180

Full Changelog: expressjs/serve-static@v1.16.1...v1.16.2

v1.16.1

What's Changed

• bump send to 0.19 by @​tommasini in expressjs/serve-static#176

New Contributors

• @​tommasini made their first contribution in expressjs/serve-static#176

Full Changelog: expressjs/serve-static@1.16.0...v1.16.1

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: send@0.19.0

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): send@0.19.0
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates vue-i18n from 9.14.0 to 9.14.2

Release notes

Sourced from vue-i18n's releases.

v9.14.2

What's Changed

🔒 Security Fixes

• fix: XSS vulnerability with prototype pollution on AST: GHSA-9r9m-ffp6-9x4v
• fix: prototype pollusion on deepCopy: GHSA-hjwq-mjwj-4x6c

Full Changelog: intlify/vue-i18n@v9.14.1...v9.14.2

v9.14.1

What's Changed

🐛 Bug Fixes

• fix: messages deepCopy mutates src arguments by @​BobbieGoede in intlify/vue-i18n#1975

Full Changelog: intlify/vue-i18n@v9.14.0...v9.14.1

Commits

• 5448139 release: v9.14.2
• af67265 release: v9.14.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.