[Security] Bump ua-parser-js from 0.7.20 to 0.7.28

[dependabot-preview]

Bumps ua-parser-js from 0.7.20 to 0.7.28. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service (ReDoS) in ua-parser-js ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

Affected versions: >= 0.7.14 < 0.7.24

Commits

• 1d3c98a Revert breaking fix #279 and release as 0.7.28
• 535f11b Delete redundant code
• 642c039 Fix #492 LG TV WebOS detection
• 3edacdd Merge branch 'master' into develop
• acc0b91 Update contributor list
• f726dcd Merge branch 'master' into develop
• 383ca58 More test for tablet devices
• 7c8aa43 Minor rearrangement
• 09aa910 Add new device & browser: Tesla
• 557cc21 More test for latest phones with unique form factor (fold/flip/qwerty/swivel)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request during working hours.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/manifold/ui/Dci6EogfmbDLCuRfyu8xToDwfpgu
✅ Preview: https://ui-git-dependabot-npmandyarnua-parser-js-0728-manifold.vercel.app

[codecov]

Codecov Report

Merging #1081 (fa81b43) into master (0c9fa08) will decrease coverage by 0.71%.
The diff coverage is 87.17%.

@@            Coverage Diff             @@
##           master    #1081      +/-   ##
==========================================
- Coverage   79.46%   78.74%   -0.72%     
==========================================
  Files          81       80       -1     
  Lines        1534     1722     +188     
  Branches      394      462      +68     
==========================================
+ Hits         1219     1356     +137     
- Misses        281      361      +80     
+ Partials       34        5      -29     

Impacted Files	Coverage Δ
...ld-data-provision-button/create-with-owner.graphql	100.00% <ø> (ø)
src/data/resource.tsx	75.00% <ø> (ø)
src/utils/marketplace.ts	37.50% <ø> (ø)
...d-data-has-resource/manifold-data-has-resource.tsx	75.00% <42.85%> (-4.49%)	⬇️
.../manifold-resource-list/manifold-resource-list.tsx	79.16% <60.00%> (-0.33%)	⬇️
...ifold-data-sso-button/manifold-data-sso-button.tsx	93.10% <75.00%> (+6.43%)	⬆️
...resource-container/manifold-resource-container.tsx	87.80% <75.00%> (-3.38%)	⬇️
src/global/app.ts	64.00% <79.24%> (ø)
...ents/manifold-active-plan/manifold-active-plan.tsx	65.38% <100.00%> (+8.86%)	⬆️
...onents/manifold-auth-token/manifold-auth-token.tsx	90.00% <100.00%> (-1.67%)	⬇️
... and 84 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c62b31...fa81b43. Read the comment docs.

[dependabot-preview]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

• vrt
• codecov/project
• changelog

Dependabot will still automatically merge this pull request if you amend it and your tests pass.