Bump the npm_and_yarn group across 1 directory with 14 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
cloudinary	1.19.0	2.7.0
ansi-regex	3.0.0	3.0.1
ansi-regex	4.1.0	4.1.1
braces	3.0.2	3.0.3
date-and-time	0.12.0	0.14.2
debug	4.1.1	4.4.3
get-func-name	2.0.0	2.0.2
json-bigint	0.3.0	1.0.0
pathval	1.1.0	1.1.1
xml2js	0.4.19	0.6.2

Updates cloudinary from 1.19.0 to 2.7.0

Release notes

Sourced from cloudinary's releases.

Version 2.7.0

• fix: prevent parameter injection via ampersand in parameter values (#709)

Version 2.6.1

No release notes provided.

Version 2.6.1-rc.1

• fix: uploader interface

Version 2.6.0

• chore: bumped jsdoc
• fix: defaults for related asset methods and proper content_type
• chore: Updated Sample Projects (#698)
• fix: metadata field datasource type (#693)
• feat: Add support for DELETE /resources/backup/:asset_id (#700)
• chore: dev dependencies cleanup
• chore: new node version support in CI

Version 2.5.1

• fix: added missing stream method to ts spec

Version 2.5.0

• feat: auto_transcription on upload and explicit support (#690)
• feat: auto_chaptering on upload and explicit support (#689)
• feat: access key management via provisioning api (#687)

Version 2.4.0

• feat: exposing config endpoint from admin api
• fix: update metadata field added missing param default_disabled
• fix: types definitions

Version 2.3.1

• fix: use 0.0.0 as fallback when package.json unavailable
• fix: upload_chunked_stream works properly with more than 2 chunks

Version 2.3.0

• fix: url analytics property name
• fix: dependencies explicit version (fix for CI)
• fix: decoding transformation string before sending in upload payload
• feat: update folders

Version 2.2.0

• feat: selective response for admin and search api
• feat: multiple values support for fields and with_field methods in search api

Version 2.1.0

• feat: added support for new api in beta - analyze api
• chore: added state to datasource entry type
• fix: metadata field api response datasource type improved
• feat: notification-url for rename and destroy methods

... (truncated)

Changelog

Sourced from cloudinary's changelog.

2.7.0 / 2025-06-18

• fix: prevent parameter injection via ampersand in parameter values (#709)

2.6.1 / 2025-05-05

2.6.1-rc.1 / 2025-05-05

• fix: uploader interface

2.6.0 / 2025-03-11

• chore: bumped jsdoc
• fix: defaults for related asset methods and proper content_type
• chore: Updated Sample Projects (#698)
• fix: metadata field datasource type (#693)
• feat: Add support for DELETE /resources/backup/:asset_id (#700)
• chore: dev dependencies cleanup
• chore: new node version support in CI

2.5.1 / 2024-10-08

• fix: added missing stream method to ts spec

2.5.0 / 2024-09-15

• feat: auto_transcription on upload and explicit support (#690)
• feat: auto_chaptering on upload and explicit support (#689)
• feat: access key management via provisioning api (#687)

2.4.0 / 2024-07-30

• feat: exposing config endpoint from admin api
• fix: update metadata field added missing param default_disabled
• fix: types definitions

2.3.1 / 2024-07-25

• fix: use 0.0.0 as fallback when package.json unavailable

... (truncated)

Commits

• 923a66e Version 2.7.0
• ec4b65f fix: prevent parameter injection via ampersand in parameter values (#709)
• c7f784d Version 2.6.1
• 4afcd36 fix: uploader methods return correct type (#706)
• ad90190 Version 2.6.0
• 64bdc9d fix: defaults for related asset methods and proper content_type (#705)
• 25e04e6 Updated Sample Projects (#698)
• 265ccb8 fix: metadata field datasource type (#693)
• d6c51e2 feat: Add support for DELETE /resources/backup/:asset_id (#700)
• c072e37 Minor typo fix (#703)
• Additional commits viewable in compare view

Updates ansi-regex from 3.0.0 to 3.0.1

Commits

• f545bdb 3.0.1
• c57d4c2 fix a few old XO issues for backport
• 419250f Fix potential ReDoS (#37)
• See full diff in compare view

Updates ansi-regex from 4.1.0 to 4.1.1

Commits

• f545bdb 3.0.1
• c57d4c2 fix a few old XO issues for backport
• 419250f Fix potential ReDoS (#37)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates date-and-time from 0.12.0 to 0.14.2

Commits

• 6dab608 Updated README.md
• 0bda3b4 Bump version
• 9e4b501 Fixed regular expression denial of service (ReDoS) vulnerability
• 73103a3 Merge branch 'dependabot/npm_and_yarn/bl-4.0.3' into master
• 93bf9da Bump bl from 4.0.2 to 4.0.3
• 5597efa Merge branch 'develop' into master
• c158464 Updated README.md
• 1748bc2 Bump version
• 9f7941c #41 Fixed a bug characters inside square brackets are not validated
• 6f726d9 Merge branch 'develop'
• Additional commits viewable in compare view

Updates debug from 4.1.1 to 4.4.3

Release notes

Sourced from debug's releases.

4.4.3

Functionally identical release to 4.4.1.

Version 4.4.2 is compromised. Please see debug-js/debug#1005.

4.4.1

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in debug-js/debug#997
• fixes #987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in debug-js/debug#988

New Contributors

• @​pdahal-cx made their first contribution in debug-js/debug#997
• @​lzilioli made their first contribution in debug-js/debug#988

Full Changelog: debug-js/debug@4.4.0...4.4.1

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

4.3.5

Patch

• cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (#926)

Thank you @​calvintwr for the fix.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

... (truncated)

Commits

• 6b2c5fb 4.4.3
• 33330fa 4.4.1
• 98df33e remove istanbul
• bf2f574 fixes #987 fallback to localStorage.DEBUG if debug is not defined (#988)
• a0497bd Replace whitespaces in namespaces string with commas globally instead of just...
• 7e3814c 4.4.0
• d2d6bf0 fix inefficient .enable() regex and .enabled() test
• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates flat from 4.1.0 to 5.0.2

Commits

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by timoxley, a new releaser for flat since your current version.

Updates get-func-name from 2.0.0 to 2.0.2

Release notes

Sourced from get-func-name's releases.

v2.0.2

What's Changed

Revert previous changes that shipped this as an ES module.

Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.2

v2.0.1

What's Changed

Fix GHSA-4q6p-r6v2-jvc5

Full Changelog: https://github.com/chaijs/get-func-name/commits/v2.0.1

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by keithamus, a new releaser for get-func-name since your current version.

Updates json-bigint from 0.3.0 to 1.0.0

Commits

• 390482a 1.0.0
• f2d8f83 typo
• 6ee392e Merge pull request #37 from sidorares/fix/prototype
• c85a430 MAJOR: Add protoAction and constructorAction options
• 4c2dbf4 build: add node 14
• b348ea3 fix assertion after chai upgrade
• 725777c add files section and bump deps
• ebd1d91 add prettier config
• 6c659f5 Merge pull request #36 from babyadoresorange/master
• 1556563 update README
• Additional commits viewable in compare view

Updates lodash from 4.17.15 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates pathval from 1.1.0 to 1.1.1

Release notes

Sourced from pathval's releases.

v1.1.1

Fixes a security issue around prototype pollution.

Commits

• db6c3e3 chore: v1.1.1
• 7859e0e Merge pull request #60 from deleonio/fix/vulnerability-prototype-pollution
• 49ce1f4 style: correct rule in package.json
• c77b9d2 fix: prototype pollution vulnerability + working tests
• 49031e4 chore: remove very old nodejs
• 57730a9 chore: update deps and tool configuration
• a123018 Merge pull request #55 from chaijs/remove-lgtm
• 07eb4a8 Delete MAINTAINERS
• a0147cd Merge pull request #54 from astorije/patch-1
• aebb278 Center repo name on README
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by chai, a new releaser for pathval since your current version.

Updates xml2js from 0.4.19 to 0.6.2

Commits

• cf3e061 New release, 0.6.2
• cb2f77e Fix read-only constraint via mistyped key name
• 8e9a120 Update version number for release 0.6.1
• 30f9d61 Replace filtering of names with defineProperty
• ba46e54 Update package lock
• 0e29f0e Release new version
• a25035c Remove old unused files
• 1de4688 Merge pull request #680 from Leonidas-from-XIV/zap-dependency-fix
• 3b97ae5 Merge pull request #681 from Leonidas-from-XIV/cve-compat-fix
• 167a385 Fix zap to be the original dependency
• Additional commits viewable in compare view

Updates y18n from 4.0.0 to 5.0.8

Release notes

Sourced from y18n's releases.

y18n y18n-v4.0.3

Bug Fixes

• release: 4.x.x should not enforce Node 10 (#126) (1e21a53)

y18n y18n-v4.0.2

Bug Fixes

• security: ensure entry exists for backport (#120) (b22c0df)

Changelog

Sourced from y18n's changelog.

5.0.8 (2021-04-07)

Bug Fixes

• deno: force modern release for Deno (b1c215a)

5.0.7 (2021-04-07)

Bug Fixes

• deno: force release for deno (#121) (d3f2560)

5.0.6 (2021-04-05)

Bug Fixes

• webpack: skip readFileSync if not defined (#117) (6966fa9)

5.0.5 (2020-10-25)

Bug Fixes

• address prototype pollution issue (#108) (a9ac604)

5.0.4 (2020-10-16)

Bug Fixes

• exports: node 13.0 and 13.1 require the dotted object form with a string fallback (#105) (4f85d80)

5.0.3 (2020-10-16)

Bug Fixes

• exports: node 13.0-13.6 require a string fallback (#103) (e39921e)

5.0.2 (2020-10-01)

Bug Fixes

• deno: update types for deno ^1.4.0 (#100) (3834d9a)

5.0.1 (2020-09-05)

... (truncated)

Commits

• 58a9a3c chore: release 5.0.8 (#129)
• b1c215a fix(deno): force modern release for Deno
• e73fb19 chore: release 5.0.7 (#123)
• d3f2560 fix(deno): force release for deno (#121)
• e9fda61 chore: release 5.0.6 (#118)
• 6966fa9 fix(webpack): skip readFileSync if not defined (#117)
• c755582 docs: add entry for v4.0.1 (#114)
• 2d4c56c chore(deps): update dependency standardx to v6 (#110)
• b64ae70 chore: release 5.0.5 (#109)
• a9ac604 fix: address prototype pollution issue (#108)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.

Updates yargs-parser from 13.1.1 to 21.1.1

Release notes

Sourced from yargs-parser's releases.

yargs-parser: v21.1.1

21.1.1 (2022-08-04)

Bug Fixes

• typescript: ignore .cts files during publish (#454) (d69f9c3), closes #452

yargs-parser: v21.1.0

21.1.0 (2022-08-03)

Features

• allow the browser build to be imported (#443) (a89259f)

Bug Fixes

• halt-at-non-option: prevent known args from being parsed when "unknown-options-as-args" is enabled (#438) (c474bc1)
• node version check now uses process.versions.node (#450) (d07bcdb)
• parse options ending with 3+ hyphens (#434) (4f1060b)

yargs-parser: v21.0.1

21.0.1 (2022-02-27)

Bug Fixes

• return deno env object (#432) (b00eb87)

yargs-parser yargs-parser-v21.0.0

⚠ BREAKING CHANGES

• drops support for 10 (#421)

Bug Fixes

• esm json import (#416) (90f970a)
• parser should preserve inner quotes (#407) (ae11f49)

Code Refactoring

• drops support for 10 (#421) (3aaf878)

yargs-parser yargs-parser-v20.2.9

... (truncated)

Changelog

Sourced from yargs-parser's changelog.

21.1.1 (2022-08-04)

Bug Fixes

• typescript: ignore .cts files during publish (#454) (d69f9c3), closes #452

21.1.0 (2022-08-03)

Features

• allow the browser build to be imported (#443) (a89259f)

Bug Fixes

• halt-at-non-option: prevent known args from being parsed when "unknown-options-as-args" is enabled (#438) (c474bc1)
• node version check now uses process.versions.node (#450) (d07bcdb)
• parse options ending with 3+ hyphens (#434) (4f1060b)

21.0.1 (2022-02-27)

Bug Fixes

• return deno env object (#432) (b00eb87)

21.0.0 (2021-11-15)

⚠ BREAKING CHANGES

• drops support for 10 (#421)

Bug Fixes

• esm json import (#416) (90f970a)
• parser should preserve inner quotes (#407) (ae11f49)

Code Refactoring

• drops support for 10 (#421) (3aaf878)

20.2.9 (2021-06-20)

Bug Fixes

... (truncated)

Commits

• 3aba24c chore(main): release yargs-parser 21.1.1 (#455)
• d69f9c3 fix(typescript): ignore .cts files during publish (#454)
• 90067a0 chore(main): release yargs-parser 21.1.0 (#446)
• d07bcdb fix: node version check now uses process.versions.node (#450)
• c0c6079 chore(deps): update dependency puppeteer to v16 (#451)
• a89259f feat: allow the browser build to be imported (#443)
• c474bc1 fix(halt-at-non-option): prevent known args from being parsed when "unknown-o...
• fd30238 chore(deps): update dependency serve to v14 (#449)
• a072f9a chore(deps): update dependency puppeteer to v15 (#444)
• 4f1060b fix: parse options ending with 3+ hyphens (#434)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by oss-bot, a new releaser for yargs-parser since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.