Bump semver, jsonwebtoken, serverless, serverless-webpack and webpack

[dependabot]

Bumps semver to 7.5.3 and updates ancestor dependencies semver, jsonwebtoken, serverless, serverless-webpack and webpack. These dependencies need to be updated together.

Updates semver from 5.7.0 to 7.5.3

Release notes

Sourced from semver's releases.

v7.5.3

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

v7.5.2

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

v7.5.1

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

v7.5.0

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

v7.4.0

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

... (truncated)

Changelog

Sourced from semver's changelog.

7.5.3 (2023-06-22)

Bug Fixes

• abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@​lukekarrys)

Documentation

• bf53dd8 #569 add example for > comparator (#569) (@​mbtools)

7.5.2 (2023-06-15)

Bug Fixes

• 58c791f #566 diff when detecting major change from prerelease (#566) (@​lukekarrys)
• 5c8efbc #565 preserve build in raw after inc (#565) (@​lukekarrys)
• 717534e #564 better handling of whitespace (#564) (@​lukekarrys)

7.5.1 (2023-05-12)

Bug Fixes

• d30d25a #559 show type on invalid semver error (#559) (@​tjenkinson)

7.5.0 (2023-04-17)

Features

• 503a4e5 #548 allow identifierBase to be false (#548) (@​lsvalina)

Bug Fixes

• e219bb4 #552 throw on bad version with correct error message (#552) (@​wraithgar)
• fc2f3df #546 incorrect results from diff sometimes with prerelease versions (#546) (@​tjenkinson)
• 2781767 #547 avoid re-instantiating SemVer during diff compare (#547) (@​macno)

7.4.0 (2023-04-10)

Features

• 113f513 #532 identifierBase parameter for .inc (#532) (@​wraithgar, @​b-bly)
• 48d8f8f #530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #538 intersects with v0.0.0 and v0.0.0-0 (#538) (@​wraithgar)
• aa516b5 #535 faster parse options (#535) (@​H4ad)
• 61e6ea1 #536 faster cache key factory for range (#536) (@​H4ad)
• f8b8b61 #541 optimistic parse (#541) (@​H4ad)
• 796cbe2 #533 semver.diff prerelease to release recognition (#533) (@​wraithgar, @​dominique-blockchain)

... (truncated)

Commits

• 7fdf1ef chore: release 7.5.3
• bf53dd8 docs: add example for > comparator (#569)
• abdd93d fix: set max lengths in regex for numeric and build identifiers (#571)
• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @​npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

• Removed support for Node versions 11 and below.
• The verify() function no longer accepts unsigned tokens by default. ([834503079514b72264fd13023a3b8d648afd6a16]auth0/node-jsonwebtoken@8345030)
• RSA key size must be 2048 bits or greater. ([ecdf6cc6073ea13a7e71df5fad043550f08d0fa6]auth0/node-jsonwebtoken@ecdf6cc)
• Key types must be valid for the signing / verification algorithm

Security fixes

• security: fixes Arbitrary File Write via verify function - CVE-2022-23529
• security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
• security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
• security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
• 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
• a46097e docs: make decode impossible to discover before verify
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.

Updates serverless from 1.82.0 to 3.32.2

Release notes

Sourced from serverless's releases.

3.32.2 (2023-06-02)

Maintenance Improvements

• Telemetry: Report installed docker version (39806d6) (Mariusz Nowak)

---

Comparison since last release

3.32.1 (2023-06-01)

Bug Fixes

• AWS Deploy: Revert broken vpc configuration on custom resources (#12001) (d0e3056) (Mariusz Nowak)

---

Comparison since last release

3.32.0 (2023-05-31)

Features

• AWS Lambda:
  • Response streaming for Lambda URL (#11907) (3afb71e) (Goran Rakic)
  • Do not recognize dropped nodejs12.x runtime (#11995) (032e43c) (Mariusz Nowak)
• AWS Deploy: --minify-template CLI param (#11980) (4d64730) (Mieszko Kycermann)

Bug Fixes

• AWS ALB: Allow multiple http-header conditions (#11888) (72b27cb) (Inqnuam)
• AWS CloudFront: Accept CF intrinsic functions in behavior (#11994) (41e90c3) (antoniogomezm)
• AWS Deploy:
  • Ensure vpc configuration on custom resources (#11985) (f2d1e23) (Lokesh Jawale)
  • Fix default runtime resolution (#11995) (943bf6d) (Mariusz Nowak)
• AWS Lambda: Recognize only valid .NET runtimes (#11960) (dd081bb) (Stuart Lang)

Maintenance Improvements

• Telemetry: Inspect docker availability (#11999) (83670f9) (Mariusz Nowak)
• Console: Added warning about dev mode (#11975) (e5cb8ac) (Dan Jarvis)
• Packaging: Warn on inffective functions[].package config (#11974) (88099ad) (Lokesh Jawale)

---

Comparison since last release

3.31.0 (2023-05-17)

Features

• AWS Schedule: AWS::Scheduler::Schedule based triggers (#11935) (34d922d) (Tie)
• AWS Kinesis: More reliable consumer naming mode (#9706) (9d7b121) (Peter Reshetin)
• AWS Lambda:
  • Recognize java17 runtime (#11938) (e1703c8) (Baerten Dennis)
  • Recognize python3.10 runtime (#11922) (8341d7a) (t3yamoto)

... (truncated)

Changelog

Sourced from serverless's changelog.

3.32.2 (2023-06-02)

Maintenance Improvements

• Telemetry: Report installed docker version (39806d6) (Mariusz Nowak)

3.32.1 (2023-06-01)

Bug Fixes

• AWS Deploy: Revert broken vpc configuration on custom resources (#12001) (d0e3056) (Mariusz Nowak)

3.32.0 (2023-05-31)

Features

• AWS Lambda:
  • Response streaming for Lambda URL (#11907) (3afb71e) (Goran Rakic)
  • Do not recognize dropped nodejs12.x runtime (#11995) (032e43c) (Mariusz Nowak)
• AWS Deploy: --minify-template CLI param (#11980) (4d64730) (Mieszko Kycermann)

Bug Fixes

• AWS ALB: Allow multiple http-header conditions (#11888) (72b27cb) (Inqnuam)
• AWS CloudFront: Accept CF intrinsic functions in behavior (#11994) (41e90c3) (antoniogomezm)
• AWS Deploy:
  • Ensure vpc configuration on custom resources (#11985) (f2d1e23) (Lokesh Jawale)
  • Fix default runtime resolution (#11995) (943bf6d) (Mariusz Nowak)
• AWS Lambda: Recognize only valid .NET runtimes (#11960) (dd081bb) (Stuart Lang)

Maintenance Improvements

• Telemetry: Inspect docker availability (#11999) (83670f9) (Mariusz Nowak)
• Console: Added warning about dev mode (#11975) (e5cb8ac) (Dan Jarvis)
• Packaging: Warn on inffective functions[].package config (#11974) (88099ad) (Lokesh Jawale)

3.31.0 (2023-05-17)

Features

• AWS Schedule: AWS::Scheduler::Schedule based triggers (#11935) (34d922d) (Tie)
• AWS Kinesis: More reliable consumer naming mode (#9706) (9d7b121) (Peter Reshetin)
• AWS Lambda:
  • Recognize java17 runtime (#11938) (e1703c8) (Baerten Dennis)
  • Recognize python3.10 runtime (#11922) (8341d7a) (t3yamoto)
  • Recognize new .NET runtimes (#11941) (314f32c) (Graham Campbell)
• AWS EventBridge: Recognize $or in pattern property (#11967) (d6de334) (Mitch Dempsey)

Bug Fixes

... (truncated)

Commits

• b82efaf chore: Release v3.32.2
• 3fe1531 chore: Bump dependencies
• 39806d6 refactor(Telemetry): Report installed docker version
• 76454d3 chore: Release v3.32.1
• bb06975 chore: Bump dependencies
• d0e3056 fix: Revert vpc configuration on custom resources (#12001)
• 83e194c docs: Fix issues in tutorial (#11996)
• acbfca1 chore: Release v3.32.0
• ad9fba9 chore: Bump dependencies
• 83670f9 feat(Telemetry): Inspect docker availability
• Additional commits viewable in compare view

Updates serverless-webpack from 5.3.4 to 5.11.0

Release notes

Sourced from serverless-webpack's releases.

5.11.0

What's Changed

• Detect yarn version to dynamically not add deprecated flags by @​jagonzalr in serverless-heaven/serverless-webpack#1252
• Add yarn workspaces support by @​magelle in serverless-heaven/serverless-webpack#1258
• Add missing optional peer deps by @​john-arccos in serverless-heaven/serverless-webpack#1287
• Prepare 5.11.0 by @​j0k3r in serverless-heaven/serverless-webpack#1289

New Contributors

• @​magelle made their first contribution in serverless-heaven/serverless-webpack#1258
• @​john-arccos made their first contribution in serverless-heaven/serverless-webpack#1287

Full Changelog: serverless-heaven/serverless-webpack@v5.10.0...v5.11.0

5.10.0

Main Changes

The lib is finally compatible with Yarn 2 (and above)! Thanks to @​jagonzalr (and others involved in #642). You need to define the option noNonInteractive to true in the packagerOptions in serverless.yml.

What's Changed

• Add new packagerOptions: noNonInteractive to disable interactive mode when using Yarn 2 or above by @​jagonzalr in serverless-heaven/serverless-webpack#1246
• fix: prevent duplicate artifact assignment by @​NoxHarmonium in serverless-heaven/serverless-webpack#1245
• Prepare 5.10.0 by @​j0k3r in serverless-heaven/serverless-webpack#1248

New Contributors

• @​jagonzalr made their first contribution in serverless-heaven/serverless-webpack#1246
• @​NoxHarmonium made their first contribution in serverless-heaven/serverless-webpack#1245

Full Changelog: serverless-heaven/serverless-webpack@v5.9.1...v5.10.0

5.9.1

What's Changed

• fix(compat): function level entry override by @​vicary in serverless-heaven/serverless-webpack#1226
• Prepare 5.9.1 by @​vicary in serverless-heaven/serverless-webpack#1228

Full Changelog: serverless-heaven/serverless-webpack@v5.9.0...v5.9.1

5.9.0

Main Changes

1. Webpack entries can now be overridden via function option entrypoint in serverless.yml
2. Fix a warning of undefined plugin CLI option --webpack-use-polling

... (truncated)

Commits

• c4f1141 Merge pull request #1289 from serverless-heaven/release/5.11.0
• 18cabb3 5.11.0
• be66e95 Merge pull request #1287 from john-arccos/bugfix/add-missing-optional-peer-dep
• c6a0dee adding missing optional peer deps
• 03f8bae Merge pull request #1288 from serverless-heaven/dependabot/npm_and_yarn/serve...
• 34de53c chore(deps-dev): bump serverless from 3.24.1 to 3.25.0
• e9d92e0 Merge pull request #1286 from serverless-heaven/dependabot/npm_and_yarn/examp...
• 3a088b3 chore(deps): bump minimatch in /examples/babel-webpack-4
• 6b45e3d Merge pull request #1280 from serverless-heaven/dependabot/npm_and_yarn/examp...
• 5b65523 chore(deps): bump loader-utils
• Additional commits viewable in compare view

Updates webpack from 4.44.1 to 5.88.0

Release notes

Sourced from webpack's releases.

v5.88.0

New Features

• [CSS] - Use css/auto as the default css mode by @​burhanuday in webpack/webpack#17399

Bug Fixes

• Fix bugs related to require.context and layer by @​alexander-akait in webpack/webpack#17388
• Fix bug in runtime for CSS loading by @​alexander-akait in webpack/webpack#17400
• Correct indirect call for tagged template expressions using correct this context by @​alexander-akait in webpack/webpack#17397
• Update environment support for KaiOS browser by @​steverep in webpack/webpack#17395
• Fix async module runtime code for running top-level-await by @​ahabhgk in webpack/webpack#17393

Developer Experience

• Add example for stats minimal output by @​ersachin3112 in webpack/webpack#17406
• Significantly improve type coverage for Dependency, Runtime, Template classes by @​alexander-akait in webpack/webpack#17394

Dependencies & Maintenance

• Bump browserslist from 4.21.8 to 4.21.9 by @​dependabot in webpack/webpack#17389
• Bump acorn from 8.8.2 to 8.9.0 by @​dependabot in webpack/webpack#17402
• Bump eslint from 8.42.0 to 8.43.0 by @​dependabot in webpack/webpack#17401
• Bump eslint-plugin-jest from 27.2.1 to 27.2.2 by @​dependabot in webpack/webpack#17407

New Contributors

• @​steverep made their first contribution in webpack/webpack#17395

Full Changelog: webpack/webpack@v5.87.0...v5.88.0

v5.87.0

New Features

• Implement fetchPriority feature as parser option and magic comment by @​alexander-akait in webpack/webpack#17249
• [CSS] - Introduce 'css/auto' as a css module type by @​ahabhgk in webpack/webpack#16577
• [CSS] - Style-specific fields now automatically resolve in package.json by @​burhanuday in webpack/webpack#17346
• webpack configuration API now accepts "falsy values" loaders and plugins by @​alexander-akait in webpack/webpack#17339

Bug Fixes

• Fix codecov badge in readme by @​burhanuday in webpack/webpack#17353

Developer Experience

• Add link to svelte loader for webpack by @​burhanuday in webpack/webpack#17369
• Increase parser API types in internal plugins across dependency plugins @​alexander-akait in webpack/webpack#17365

Dependencies & Maintenance

• Bump memfs from 3.5.2 to 3.5.3 by @​dependabot in webpack/webpack#17347
• Bump webpack-cli from 5.1.3 to 5.1.4 by @​dependabot in webpack/webpack#17349
• Bump es-module-lexer from 1.2.1 to 1.3.0 by @​dependabot in webpack/webpack#17362
• Bump @​types/node from 20.2.5 to 20.3.0 by @​dependabot in webpack/webpack#17361
• Bump core-js from 3.30.2 to 3.31.0 by @​dependabot in webpack/webpack#17360
• Bump browserslist from 4.21.6 to 4.21.8 by @​dependabot in webpack/webpack#17367
• Bump @​types/node from 20.3.0 to 20.3.1 by @​dependabot in webpack/webpack#17366

New Contributors

... (truncated)

Commits

• 1e18b1d 5.88.0
• d15c734 Merge pull request #17394 from webpack/refactor-more-types
• cff406c refactor(types): more
• 3f71468 refactor(types): more
• d9d64b5 refactor(types): more
• d1f1433 Merge pull request #17406 from ersachin3112/stats-minimal
• e226101 refactor(types): more
• a911bd9 refactor(types): more
• e381884 refactor(types): more
• 4809421 refactor(types): more
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by thelarkinn, a new releaser for webpack since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.