Bump minimatch, bower, browserify, watchify, jshint, nib and stylus

[dependabot]

Bumps minimatch to 3.0.4 and updates ancestor dependencies minimatch, bower, browserify, watchify, jshint, nib and stylus. These dependencies need to be updated together.

Updates minimatch from 0.3.0 to 3.0.4

Commits

• e46989a v3.0.4
• ddfacbd update brace-expansion
• 55ed736 update package scripts and deps
• eed8949 v3.0.3
• ecabc57 Do not throw on unfinished !( extglob patterns
• 81edb7c v3.0.2
• 6944abf Handle extremely long and terrible patterns more gracefully
• 8ac560e v3.0.1
• 4f3a8bc update tap
• 9cf2d88 Remove mentions of cache from readme
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for minimatch since your current version.

Updates bower from 1.5.2 to 1.8.14

Release notes

Sourced from bower's releases.

v1.8.12

• Properly bundle all dependencies of Bower within package

v1.8.10

• Security fixes for tar-fs dependency bower/bower#2576
• Security fixes for handlebars dependency bower/bower#2586
• Security fixes for ini dependency bower/bower#2589

v1.8.8

Fix security issue connected to extracting .tar.gz archives

This bug allows to write arbitrary file on filesystem when Bower extracts malicious package

Needlessly to say, please upgrade

v1.8.7

Fixes side effect of fix from v1.8.6 that caused improper permissions for extracted folders

bower/bower#2532

v1.8.6

Fix Zip Slip Vulnerability of decompress-zip package: https://snyk.io/research/zip-slip-vulnerability

Note: v1.8.5 has been unpublished because of missing files

v1.8.4

• Fixes release 1.8.3 by publishing with npm@3 instead of npm@5 (to include lib/node_modules)

v1.8.3

• 451c60e Do not store resolutions if --save is not used, fixes #2344 (#2508)
• 50ee729 Allow to disable shorthand resolver (#2507)
• bb17839 Allow shallow cloning when source is a ssh protocol (#2506)
• 5a6ae54 Add support for Arrays in Environment Variable replacement (#2411)
• 74af42c Only replace last @ after (if any) last / with # (#2395)
• 💯Make tests work on Windows / Linux / OSX on node versions 0.10 / 0.12 / 4 / 6 / 8 / 9
• 💅Format source code with prettier

v1.8.2

Migrate registry url from http://bower.herokuapp.com to https://registry.bower.io

It is so we leverage CDN and offload Heroku instance reducing costs.

v1.8.0

• Download tar archives from GitHub when possible (#2263)
  • Change default shorthand resolver for github from git:// to https://
• Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
• Allow for removing components with url instead of name (#2368)
• Show in warning message location of malformed bower.json (#2357)
• Improve handling of non-semver versions in git resolver (#2316)
• Fix handling of cached releases pluginResolverFactory (#2356)

... (truncated)

Changelog

Sourced from bower's changelog.

Changelog

Newer releases

Please see: https://github.com/bower/bower/releases

1.8.0 - 2016-11-07

• Download tar archives from GitHub when possible (#2263)
  • Change default shorthand resolver for github from git:// to https://
• Fix ssl handling by not setting GIT_SSL_NO_VERIFY=false (#2361)
• Allow for removing components with url instead of name (#2368)
• Show in warning message location of malformed bower.json (#2357)
• Improve handling of non-semver versions in git resolver (#2316)
• Fix handling of cached releases pluginResolverFactory (#2356)
• Allow to type the entire version when conflict occured (#2243)
• Allow owner/reponame shorthand for registering components (#2248)
• Allow single-char repo names and package names (#2249)
• Make bower version no longer honor version in bower.json (#2232)
• Add postinstall hook (#2252)
• Allow for @ instead of # for install and info commands (#2322)
• Upgrade all bundled modules

1.7.9 - 2016-04-05

• Show warnings for invalid bower.json fields
• Update bower-json
  • Less strict validation on package name (allow spaces, slashes, and "@")

1.7.8 - 2016-04-04

• Don't ask for git credentials in non-interactive session, fixes #956 #1009
• Prevent swallowing exceptions with programmatic api, fixes #2187
• Update graceful-fs to 4.x in all dependences, fixes nodejs/node#5213
• Resolve pluggable resolvers using cwd and fallback to global modules, fixes #1919
• Upgrade handlebars to 4.0.5, closes #2195
• Replace all % chatacters in defined scripts, instead of only first one, fixes #2174
• Update opn package to fix issues with "bower open" command on Windows
• Update bower-config
  • Do not interpolate environment variables in script hooks, fixes bower/config#47
• Update bower-json
  • Validate package name more strictly and allow only latin letters, dots, dashes and underscores
• Add support for "save" and "save-exact" in .bowerrc, #2161

1.7.7 - 2016-01-27

Revert locations of all files while still packaging node_modules.

It's because people are depending on internals of bower, like bower/lib/renderers/StandardRenderer. We want to preserve this

... (truncated)

Commits

• d765b2b Bump to 1.8.14
• ca23b46 Run CI only on node 6+
• 7f26c5b Fix bug unauthenticated git protocol in GitHubResolver (#2612)
• 4b5722f Update README.md
• 557c1cd Fix mode for bin/bower
• 74560b7 Fix child process execution
• 2905791 Fix running bower on non-windows
• dfdda3f Merge remote-tracking branch 'origin/master'
• fa36814 Bump to 1.8.13
• f19bc34 Make sure correct git/svn binary is always used
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by sheerun, a new releaser for bower since your current version.

Updates browserify from 11.0.0 to 17.0.0

Release notes

Sourced from browserify's releases.

v17.0.0

• Upgrade events to v3.x. EventEmitter instances now have an off() method. require('events').once can be used to react to an event being emitted with async/await syntax. (#1839)
• Upgrade path-browserify to v1.x. (#1838)
• Upgrade stream-browserify to v3.x. require('stream') now matches the Node.js 10+ API. (#1970)
• Upgrade util to v0.12. Most notably, util.promisify and util.callbackify are finally available by default in browserify. (#1844)
• Add JSON syntax checking. Syntax errors in .json files will now fail to bundle. (#1700)

v16.5.1

Remove deprecated mkdirp version in favour of mkdirp-classic.

browserify/browserify@00c913f

Pin dependencies for Node.js 0.8 support.

browserify/browserify#1939

v16.5.0

Support custom name for "browser" field resolution in package.json using the browserField option.

browserify/browserify#1918

v16.4.0

Upgrade stream-http to v3. This version drops support for IE10 and below.

browserify/browserify#1916

v16.3.0

add empty stub for the http2 builtin module.

browserify/browserify#1913

update license text to remove references to code that is no longer included.

browserify/browserify#1906

add more tests for folder resolution.

browserify/browserify#1139

v16.2.3

add empty stub for the inspector builtin module.

browserify/browserify#1854

change the "browser" field link to the browser-field-spec repo instead of the old gist.

... (truncated)

Changelog

Sourced from browserify's changelog.

17.0.0

• Upgrade events to v3.x. EventEmitter instances now have an off() method. require('events').once can be used to react to an event being emitted with async/await syntax. (#1839)
• Upgrade path-browserify to v1.x. (#1838)
• Upgrade stream-browserify to v3.x. require('stream') now matches the Node.js 10+ API. (#1970)
• Upgrade util to v0.12. Most notably, util.promisify and util.callbackify are finally available by default in browserify. (#1844)
• Add JSON syntax checking. Syntax errors in .json files will now fail to bundle. (#1700)

16.5.2

Upgrade browser-resolve to v2.

browserify/browserify#1973

16.5.1

Remove deprecated mkdirp version in favour of mkdirp-classic.

browserify/browserify@00c913f

Pin dependencies for Node.js 0.8 support.

browserify/browserify#1939

16.5.0

Support custom name for "browser" field resolution in package.json using the browserField option.

browserify/browserify#1918

16.4.0

Upgrade stream-http to v3. This version drops support for IE10 and below.

browserify/browserify#1916

16.3.0

add empty stub for the http2 builtin module.

browserify/browserify#1913

update license text to remove references to code that is no longer included.

browserify/browserify#1906

add more tests for folder resolution.

browserify/browserify#1139

16.2.3

... (truncated)

Commits

• 7b14fb1 17.0.0
• c1523e2 Merge pull request #1970 from browserify/streams3
• 26665c0 bump readable-stream
• 984ffc6 Merge pull request #1982 from browserify/fix-ci
• e34ed8c skip crypto tests in old node.js
• 190491a update min insert-module-globals version
• 5113ea3 Merge tag 'v16.5.2' into master
• c94b4d5 16.5.2
• 678d650 Merge pull request #1973 from browserify/browser-resolve-2
• fc324b5 update browser-resolve to v2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by goto-bus-stop, a new releaser for browserify since your current version.

Updates watchify from 3.3.0 to 3.11.1

Commits

• c3fe218 3.11.1
• e90101b Merge pull request #362 from digipost/upgrade-deps
• d163b4f upgrade dependencies: fix errors from npm audit
• 1917270 Merge pull request #351 from menzow/feature/update-docs
• d232754 Merge pull request #357 from Kamil93/patch-1
• d924e9b Update readme.markdown
• 9ea8a65 Support for working with transforms
• 11989b2 3.11.0
• 82669ad Merge pull request #355 from browserify/browserify-16
• 495b6f2 Update to browserify@16
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by goto-bus-stop, a new releaser for watchify since your current version.

Updates jshint from 2.8.0 to 2.13.5

Release notes

Sourced from jshint's releases.

JSHint 2.13.5

2.13.5 (2022-07-08)

Bug Fixes

• Tolerate late definition of async function (#3618) (5c256a2)

JSHint 2.13.4

2.13.4 (2022-01-24)

Bug Fixes

• Remove shelljs (eb4609a)

JSHint 2.13.3

2.13.3 (2022-01-05)

Bug Fixes

• Recognize ES2020 globals (b1426f1)

JSHint 2.13.2

2.13.2 (2021-12-27)

Bug Fixes

• Add missing well-known globals (#3582) (cc1adf6)
• add URL for node in src/vars.js (#3570) (ca06e6a)
• change escape-sequence handler for double quotes (") (#3566) (75e48b7)
• Limit "Too many Errors" (E043) to errors only (#3562) (4a681b9)
• Tolerate keyword in object shorthand (057b1c6)
• Tolerate unterminated nullish coalescing (ecae54a)

JSHint 2.13.1

2.13.1 (2021-08-10)

Bug Fixes

• Allow invoking result of optional chaining (71ec395)
• Allow optional chaining call as satement (11dc0a6)
• Tolerate dangling NewExpression (7c890aa)

JSHint 2.13.0

2.13.0 (2021-05-30)

Bug Fixes

• Allow comma expression in MemberExpression (f05c8d1)
• Consider all exported bindings "used" (90228b7)

... (truncated)

Changelog

Sourced from jshint's changelog.

2.13.5 (2022-07-08)

Bug Fixes

• Tolerate late definition of async function (#3618) (5c256a2)

2.13.4 (2022-01-24)

Bug Fixes

• Remove shelljs (eb4609a)

2.13.3 (2022-01-05)

Bug Fixes

• Recognize ES2020 globals (b1426f1)

2.13.2 (2021-12-27)

Bug Fixes

• Add missing well-known globals (#3582) (cc1adf6)
• add URL for node in src/vars.js (#3570) (ca06e6a)
• change escape-sequence handler for double quotes (") (#3566) (75e48b7)
• Limit "Too many Errors" (E043) to errors only (#3562) (4a681b9)
• Tolerate keyword in object shorthand (057b1c6)
• Tolerate unterminated nullish coalescing (ecae54a)

2.13.1 (2021-08-10)

Bug Fixes

• Allow invoking result of optional chaining (71ec395)
• Allow optional chaining call as satement (11dc0a6)
• Tolerate dangling NewExpression (7c890aa)

2.13.0 (2021-05-30)

Bug Fixes

• Allow comma expression in MemberExpression (f05c8d1)
• Consider all exported bindings "used" (90228b7)
• Correct interpretation of ImportSpecifier (72a8102)
• Correct location for error (e831188)

... (truncated)

Commits

• 95a6036 v2.13.5
• d9583d5 [[CHORE]] Remove unused script
• 5c256a2 [[FIX]] Tolerate late definition of async function (#3618)
• 61c868c v2.13.4
• eb4609a [[FIX]] Remove shelljs
• b23e125 [[CHORE]] Remove shelljs from internal tooling
• 56d4a47 [[CHORE]] Use consistent interface for fs ops
• 33cfc87 [[CHORE]] Migrate from TravisCI to CircleCI
• a53cc95 [[CHORE]] Update version of package manifest (#3602)
• 2a842ac v2.13.3
• Additional commits viewable in compare view

Updates nib from 1.1.0 to 1.2.0

Release notes

Sourced from nib's releases.

v1.2.0

1.2.0 - 2022-05-17

• chore: use github actions as test infra #350 @​iChenLei
• feat: make stylus as peerDependencies #350 @​iChenLei
• feat: use official column-fill property #344 @​Sija
• fix: remove vendor prefix for background-size #338 @​specious
• fix: mute nodejs v14+ warnings #348 @​AlynxZhou

v1.1.2

No release notes provided.

Changelog

Sourced from nib's changelog.

1.2.0 - 2022-05-17

• chore: use github actions as test infra #350 @​iChenLei
• feat: make stylus as peerDependencies #350 @​iChenLei
• feat: use official column-fill property #344 @​Sija
• fix: remove vendor prefix for background-size #338 @​specious
• fix: mute nodejs v14+ warnings #348 @​AlynxZhou

Commits

• 5e2651e v1.2.0 (#359)
• 10881a1 chore: update readme badge and content (#358)
• 8cd4f83 ci: update test infra (#357)
• fb3c70c Merge pull request #352 from stylus/rename-readme
• c96c67d rename Readme.md -> README.md
• 18bb2f1 Merge pull request #351 from stylus/fix-version-field
• 7c745dc remove incorrect version 1.1.3 and update package-lock
• 393182d Merge pull request #350 from iChenLei/github-actions-ci
• 1e6f89f chore: add github actions ci
• 8291e5d Fixed tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ichenlei, a new releaser for nib since your current version.

Updates stylus from 0.52.0 to 0.59.0

Release notes

Sourced from stylus's releases.

0.59.0

• deps: switching from css to @adobe/css-tools stylus/stylus#2709 @​holblin

0.58.1

• fix: bin/stylus in npm packages contains windows style line endings #2691
• ci: add yarn bin/stylus execute regression test #2692

0.58.0

• feat: support full css level 4 logical combination selectors (:is, :where, :not, :has). #2684
• deps: drop safer-buffer. #2682
• chore: ci add code coverage benchmark. #2683
• chore: delete unused .gitmodules file. #2687
• chore: remove unused require. #2686

0.57.0

• Fix: remove lib-cov and outdated deps. #2659

0.56.0

• Deps: upgrade debug version from v3 to v4. #2643
• Deps: remove dependencies semver and mkdirp. 2641
• Fix: variable names beginning with a keyword and dash. #2634
• Fix: @import url() error in dependency resolver. #2632

0.55.0

• Fearure: Add deg and fr as exceptions for 0 value unit omission. #2578
• Feature: Add inverse trigonometric functions as bifs. #2186 closes #1567
• Fix: Bug fixes of encoding png image in url lib function. #2549
• Refactoring: Replace dependency css-parse with css. #2554

0.54.8

• Fix for Node v14 'Accessing non-existent property' errors #2538
• Fix tests on windows #2523
• Fixed an issue when running Stylus inside of an .asar archive #2520
• Patched Renderer.deps() to recognize identifiers as import paths. #2519
• Fix property lookup negation #2506

0.54.7

• Fix: fix bug in hash access #2484

0.54.6

• Fix issue with cos & sin not stripping rad unit. #2284
• Fix: handle empty at-rules #2416
• Define function arguments explicitly #2417
• Do not use the deprecated Buffer() constructor #2424
• Fix issues #2411
• Use mkdir() recursive option instead of mkdirp()
• Fix no such directory error in Stylus Executable #2421
• Fixed define column for mixin #2456
• Fix work with hash #2453
• Extend in block level import #2270

... (truncated)

Changelog

Sourced from stylus's changelog.

0.59.0 / 2022-08-13

• deps: switching from css to @​adobe/css-tools #2709

0.58.1 / 2022-05-31

• fix: bin/stylus in npm packages contains windows style line endings #2691
• ci: add yarn bin/stylus execute regression test #2692

0.58.0 / 2022-05-28

• feat: support full css level 4 logical combination selectors (:is, :where, :not, :has). #2684
• deps: drop safer-buffer. #2682
• chore: ci add code coverage benchmark. #2683
• chore: delete unused .gitmodules file. #2687
• chore: remove unused require. #2686

0.57.0 / 2022-02-19

• Fix: remove lib-cov and outdated deps. #2659

0.56.0 / 2021-12-18

• Deps: upgrade debug version from v3 to v4. #2643
• Deps: remove dependencies semver and mkdirp. 2641
• Fix: variable names beginning with a keyword and dash. #2634
• Fix: @​import url() error in dependency resolver. #2632

0.55.0 / 2021-09-04

• Fearure: Add deg and fr as exceptions for 0 value unit omission. #2578
• Feature: Add inverse trigonometric functions as bifs. #2186 closes #1567
• Fix: Bug fixes of encoding png image in url lib function. #2549
• Refactoring: Replace dependency css-parse with css. #2554

0.54.8 / 2020-07-16

• Feature: Patched Renderer.deps() to recognize identifiers as import paths. #2519
• Fix: fix for Node v14 'Accessing non-existent property' errors #2538
• Fix: tests on windows #2523
• Fix: fixed an issue when running Stylus inside of an .asar archive #2520
• Fix: fix property lookup negation #2506 closes #2485

0.54.7 / 2019-08-21

• Fix: bug in hash access #2484

... (truncated)

Commits

• 8e29ff3 0.59.0 (#2713)
• 98e5822 chore: ignore npm lockfile (#2712)
• 043d404 Switching from css to @adobe/css-tools (#2709)
• 07e23d7 [skip ci]: fix readme minor typo
• 996ffb2 chore: add sponsor info for stylus (#2704)
• 0e6f594 chore: add founding link (#2702)
• 8dbebd8 0.58.1 (#2693)
• bf3d169 ci: yarn bin execute regression (#2692)
• c074634 chore: remove github actions cache (#2690)
• 6da3a55 Adding link to existing contribution guide to README.md file, and making adju...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ichenlei, a new releaser for stylus since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.