Bump the npm_and_yarn group across 1 directory with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the / directory: follow-redirects, postcss and 10up-toolkit.

Updates follow-redirects from 1.15.4 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• See full diff in compare view

Updates postcss from 7.0.39 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).

... (truncated)

Commits

• a0d9f10 Release 8.4.32 version
• 0146b3e Add Node.js 21 to CI
• 2398534 Update dependencies
• 1918533 Merge pull request #1902 from ferreira-tb/main
• 395e6dc Fix ProcessOptions interface
• fa8cd15 Update dependencies
• 199a7c4 Typo
• 2528047 Update EM link
• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• Additional commits viewable in compare view

Updates 10up-toolkit from 4.3.1 to 6.0.0

Changelog

Sourced from 10up-toolkit's changelog.

6.0.0

Major Changes

• 71460c9: update default value of useBlockAssets to true. If you are not ready for it yet. Set useBlockAssets to false in your 10up-toolkit package.json config.

  {
    "name": "your-project",
    "10up-toolkit": {
      "useBlockAssets": false
    }
  }

• 091bb26: Update postcss-preset-env to ^9.0.0 from ^7.0.0 Swap postcss-editor-styles with postcss-editor-styles-wrapper which is compatible with PostCSS 8

• e6c5140: Update linaria to next major and fix an issue with react-refresh plugin. Also drops support for node 14.

Minor Changes

• e29ee64: Feature: sourcemap option for production builds
• 0c969ef: Add support to configure Webpack's publicPath

Patch Changes

• 08f7c78: Add .local to the default list of supported domains.
• 6c8dbb5: Update dependencies
• 91f266f: Fix HRM (again)
• 5a8f979: Stop using react fast refresh fork in favor of the upstream package
• 01ade56: Fix: allow overriding buildfiles.config.js, filenames.config.js and paths.config.js as stated in README

6.0.0-next.0

Major Changes

• 71460c9: update default value of useBlockAssets to true. If you are not ready for it yet. Set useBlockAssets to false in your 10up-toolkit package.json config.

  {
    "name": "your-project",
    "10up-toolkit": {
      "useBlockAssets": false
    }
  }

• 091bb26: Update postcss-preset-env to ^9.0.0 from ^7.0.0 Swap postcss-editor-styles with postcss-editor-styles-wrapper which is compatible with PostCSS 8

• e6c5140: Update linaria to next major and fix an issue with react-refresh plugin. Also drops support for node 14.

... (truncated)

Commits

• f5d900c chore: promote from @​next
• 98a28bf Fix typos in the HMR and Fast Refresh section of the 10up-toolkit readme
• f0d4cf7 chore: version packages (next) (next)
• ea9ca67 Feature/stylelint rules (#360)
• fa2f7a7 fix typo
• dc91d4b update migration guide
• e29ee64 Production Sourcemaps (#358)
• 01ade56 allow overriding certain config files (#355)
• 091bb26 Upgrade PostCSS Preset Env (#331)
• 8e0c5f2 Bump sharp from 0.32.1 to 0.32.6
• Additional commits viewable in compare view

Updates sharp from 0.30.7 to 0.32.6

Changelog

Sourced from sharp's changelog.

v0.32.6 - 18th September 2023

• Upgrade to libvips v8.14.5 for upstream bug fixes.

• Ensure composite tile images are fully decoded (regression in 0.32.0). #3767

• Ensure withMetadata can add ICC profiles to RGB16 output. #3773

• Ensure withMetadata does not reduce 16-bit images to 8-bit (regression in 0.32.5). #3773

• TypeScript: Add definitions for block and unblock. #3799 @​ldrick

v0.32.5 - 15th August 2023

• Upgrade to libvips v8.14.4 for upstream bug fixes.

• TypeScript: Add missing WebpPresetEnum to definitions. #3748 @​pilotso11

• Ensure compilation using musl v1.2.4. #3755 @​kleisauke

• Ensure resize with a fit of inside respects 90/270 degree rotation. #3756

• TypeScript: Ensure minSize property of WebpOptions is boolean. #3758 @​sho-xizz

• Ensure withMetadata adds default sRGB profile. #3761

v0.32.4 - 21st July 2023

• Upgrade to libvips v8.14.3 for upstream bug fixes.

• Expose ability to (un)block low-level libvips operations by name.

• Prebuilt binaries: restore support for tile-based output. #3581

v0.32.3 - 14th July 2023

... (truncated)

Commits

• eefaa99 Release v0.32.6
• dbce6fa Upgrade to libvips v8.14.5
• af0fcb3 Docs: changelog for #3799
• c6f54e5 Bump devDeps
• 846563e TypeScript: add definitions for block and unblock (#3799)
• 9c217ab Ensure withMetadata can add RGB16 profiles #3773
• e7381e5 Alternative fix for 4340d60, uses existing StaySequential
• 4340d60 Ensure composite tile images fully decoded #3767
• 7f64d46 Docs: add missing returns property to raw
• 67e927b Docs: ensure all functions include method signature #3777
• Additional commits viewable in compare view

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #186.