build(deps): bump the npm_and_yarn group across 1 directory with 12 updates

[dependabot]

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
nuxt	2.17.2	3.12.4
braces	2.3.2	3.0.3
webpack	4.47.0	5.96.1
cross-spawn	7.0.3	7.0.6
follow-redirects	1.15.3	1.15.9

Updates nuxt from 2.17.2 to 3.12.4

Release notes

Sourced from nuxt's releases.

v3.12.4

3.12.4 is the next regularly scheduled patch release.

👉 Changelog

compare changes

🔥 Performance

• vite: Start warmups after nitro build (#27963)
• vite: Avoid extra resolve call for resolveId in layers (#27971)
• kit,nuxt,schema,vite,webpack: Use explicit exports (#27998)

🩹 Fixes

• schema: Resolve public alias correctly (#27975)
• nuxt: Omit rendering payload prefetch when noScripts (#27972)
• nuxt: Add / as fallback if page can't be identified (e6109b226)
• ui-templates: Validate templates with html-validate (#28024)
• schema: Don't constrain postcss plugin options (#28045)
• kit: Remove exports from v4 branch (5c8312e9b)
• nuxt: Use unhead key for ad-hoc module options (#28088)
• nuxt: Use native vue-router composables (#28114)
• kit: Ensure getNuxtVersion returns string (#28125)
• nuxt: Always prerender at least one page with crawler (#28131)
• nuxt: Consider doc scroll-padding-top in scrollBehavior (#28083)
• nuxt: Only warn when useAsyncData returns undefined (#28154)
• nuxt: Revert change to getCachedData null response (d10cea11b)
• schema: Don't use app/ as srcDir if it doesn't exist (#28176)
• kit: Normalise serverDir within layers using v4 compat (#28177)
• nuxt: Allow getCachedData to return undefined (#28187)
• nuxt: Use addEventListener to register cookie store listener (#28193)
• nuxt: Merge route meta properties with scanned meta (#28170)
• nuxt: Prevent duplicate set-cookie headers (#28211)

💅 Refactors

• schema,vite,webpack: Rework postcss module loading (#27946)
• nuxt: Remove _registeredComponents from ssrContext (#27819)
• nuxt: Use errx to handle dev log traces (#28027)

📖 Documentation

• Fix link (83bd4fde9)
• Fix Cloudflare spelling (#27989)
• Update example to use nuxtApp.runWithContext (#28000)
• Remove deprecated pending variable from data fetching docs (#28011)
• Clarify xrsp danger (#28053)
• Deprecate pending and emphasis undefined (#28113)
• Update phrasing in route announcer (#28108)
• Use code groups for install commands in module guide (#28094)
• Capitalize text (#28056)
• Mention content in upgrade guide v4 folder structure (#28090)
• Remove a resolved issue from view transition docs (#28091)
• Clarify navigateTo is not for nitro routes (#28092)
• Warn about nested islands (#28062)

... (truncated)

Commits

• 4a1349f v3.12.4
• b7da949 fix(nuxt): prevent duplicate set-cookie headers (#28211)
• 1843ffa refactor(nuxt): use errx to handle dev log traces (#28027)
• 11264ad fix(nuxt): merge route meta properties with scanned meta (#28170)
• 2417848 fix(nuxt): use addEventListener to register cookie store listener (#28193)
• a6af09e fix(nuxt): allow getCachedData to return undefined (#28187)
• d10cea1 fix(nuxt): revert change to getCachedData null response
• e21f681 fix(nuxt): only warn when useAsyncData returns undefined (#28154)
• 46a41ad chore(deps): update vitest to v2.0.3 (3.x) (#28153)
• a2fd051 chore(deps): update all non-major dependencies (3.x) (#28058)
• Additional commits viewable in compare view

Updates postcss from 8.4.33 to 8.4.49

Release notes

Sourced from postcss's releases.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by @​tim-we).
• Cleaned up code (by @​DrKiraDmitry).

Changelog

Sourced from postcss's changelog.

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

8.4.48

• Fixed position calculation in error/warnings methods (by @​romainmenke).

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

8.4.38

• Fixed endIndex: 0 in errors and warnings (by @​romainmenke).

8.4.37

• Fixed original.column are not numbers error in another case.

8.4.36

• Fixed original.column are not numbers error on broken previous source map.

8.4.35

• Avoid ! in node.parent.nodes type.
• Allow to pass undefined to node adding method to simplify types.

8.4.34

• Fixed AtRule#nodes type (by Tim Weißenfels).
• Cleaned up code (by Dmitry Kirillov).

Commits

• aed8b89 Release 8.4.49 version
• 3450630 Fix position calculations when offset is missing (#1983)
• 77420d6 Release 8.4.48 version
• 341529f Update dependencies
• 66fa667 Add Node.js 23 to CI
• 1a8b261 fix inconsistent position calculations (#1980)
• 1cc6ac3 Clarify usage in docs
• 5e6fd13 Release 8.4.47 version
• 714bc10 Typo
• 439d20e Release 8.4.46 version
• Additional commits viewable in compare view

Updates braces from 2.3.2 to 3.0.3

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

• The undocumented .makeRe method was removed

Non-breaking changes

• Caching was removed

Commits

• See full diff in compare view

Updates webpack from 4.47.0 to 5.96.1

Release notes

Sourced from webpack's releases.

v5.96.1

Bug Fixes

• [Types] Add @types/eslint-scope to dependencieS
• [Types] Fixed regression in validate

v5.96.0

Bug Fixes

• Fixed Module Federation should track all referenced chunks
• Handle Data URI without base64 word
• HotUpdateChunk have correct runtime when modified with new runtime
• Order of chunks ids in generated chunk code
• No extra Javascript chunks when using asset module as an entrypoint
• Use optimistically logic for output.environment.dynamicImport to determine chunk format when no browserslist or target
• Collision with global variables for optimization.avoidEntryIife
• Avoid through variables in inlined module
• Allow chunk template strings in output.devtoolNamespace
• No extra runtime for get javascript/css chunk filename
• No extra runtime for prefetch and preload in JS runtime when it was unsed in CSS
• Avoid cache invalidation using ProgressPlugin
• Increase parallelism when using importModule on the execution stage
• Correctly parsing string in export and import
• Typescript types
• [CSS] css/auto considers a module depending on its filename as css (pure CSS) or css/local, before it was css/global and css/local
• [CSS] Always interpolate classes even if they are not involved in export
• [CSS] No extra runtime in Javascript runtime chunks for asset modules used in CSS
• [CSS] No extra runtime in Javascript runtime chunks for external asset modules used in CSS
• [CSS] No extra runtime for the node target
• [CSS] Fixed url()s and @import parsing
• [CSS] Fixed - emit a warning on broken :local and :global

New Features

• Export CSS and ESM runtime modules
• Single Runtime Chunk and Federation eager module hoisting
• [CSS] Support /* webpackIgnore: true */ for CSS files
• [CSS] Support src() support
• [CSS] CSS nesting in CSS modules

v5.95.0

Bug Fixes

• Fixed hanging when attempting to read a symlink-like file that it can't read
• Handle default for import context element dependency
• Merge duplicate chunks call after split chunks
• Generate correctly code for dynamically importing the same file twice and destructuring
• Use content hash as [base] and [name] for extracted DataURI's
• Distinguish module and import in module-import for externals import's

... (truncated)

Commits

• d4ced73 chore(release): 5.96.1
• 7d6dbea fix: types regression in validate
• 5c556e3 fix: types regression in validate
• 2420eae fix: add @types/eslint-scope to dependencies due types regression
• ec45d2d fix: add @types/eslint-scope to dependencies
• aff0c3e chore(release): 5.96.0
• 6f11ec1 refactor: module source types code
• b07142f refactor: module source types code
• 7d98b3c fix: Module Federation should track all referenced chunks
• 6d09769 chore: linting
• Additional commits viewable in compare view

Updates cross-spawn from 7.0.3 to 7.0.6

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

• update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

• fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

• disable regexp backtracking (#160) (5ff3a07)

Commits

• 77cd97f chore(release): 7.0.6
• 6717de4 chore: upgrade standard-version
• f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
• 9a7e3b2 chore: fix build status badge
• 0852683 chore(release): 7.0.5
• 640d391 fix: fix escaping bug introduced by backtracking
• bff0c87 chore: remove codecov
• a7c6abc chore: replace travis with github workflows
• 9b9246e chore(release): 7.0.4
• 5ff3a07 fix: disable regexp backtracking (#160)
• Additional commits viewable in compare view

Updates follow-redirects from 1.15.3 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates micromatch from 3.1.10 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

4.0.4

• fix: Update picomatch to fix regression #179 (8becb55)

4.0.3

• Enforce newer version of picomatch with bugfixes

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

[4.0.1 - 4.0.5]

[4.0.0] - 2019-03-20

Added

• Adds support for options.onMatch. See the readme for details
• Adds support for options.onIgnore. See the readme for details
• Adds support for options.onResult. See the readme for details

Breaking changes

• Require Node.js >= 8.6
• Removed support for passing an array of brace patterns to micromatch.braces().
• To strictly enforce closing brackets (for {, [, and (), you must now use strictBrackets=true instead of strictErrors.
• cache - caching and all related options and methods have been removed
• options.unixify was renamed to options.windows
• options.nodupes Was removed. Duplicates are always removed by default. You can override this with custom behavior by using the onMatch, onResult and onIgnore functions.
• options.snapdragon was removed, as snapdragon is no longer used.
• options.sourcemap was removed, as snapdragon is no longer used, which provided sourcemap support.

[3.0.0] - 2017-04-11

Complete overhaul, with 36,000+ new unit tests validated against actual output generated by Bash and minimatch. More specifically, 35,000+ of the tests:

• micromatch results are directly compared to bash results
• in rare cases, when micromatch and bash disagree, micromatch's results are compared to minimatch's results
• micromatch is much more accurate than minimatch, so there were cases where I had to make assumptions. I'll try to document these.

This refactor introduces a parser and compiler that are supersets of more granular parsers and compilers from other sub-modules. Each of these sub-modules has a singular responsibility and focuses on a certain type of matching that aligns with a specific part of the Bash "expansion" API.

These sub-modules work like plugins to seamlessly create the micromatch parser/compiler, so that strings are parsed in one pass, an AST is created, then a new string is generated by the compiler.

... (truncated)

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates send from 0.18.0 to 0.19.0

Release notes

Sourced from send's releases.

0.19.0

What's Changed

• Remove link renderization in html while redirecting (pillarjs/send#235)

New Contributors

• @​UlisesGascon made their first contribution in pillarjs/send#235

Full Changelog: pillarjs/send@0.18.0...0.19.0

Changelog

Sourced from send's changelog.

0.19.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• 9d2db99 0.19.0
• ae4f298 Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for send since your current version.

Updates serve-static from 1.15.0 to 1.16.2

Release notes

Sourced from serve-static's releases.

1.16.0

What's Changed

• Remove link renderization in html while redirecting (expressjs/serve-static#173)

New Contributors

• @​UlisesGascon made their first contribution in expressjs/serve-static#173

Full Changelog: expressjs/serve-static@v1.15.0...1.16.0

Changelog

Sourced from serve-static's changelog.

1.16.2 / 2024-09-11

• deps: encodeurl@~2.0.0

1.16.1 / 2024-09-11

• deps: [email protected]

1.16.0 / 2024-09-10

• Remove link renderization in html while redirecting

Commits

• ec9c5ec 1.16.2
• f454d37 fix(deps): encodeurl@~2.0.0
• 77a8255 1.16.1
• 4263f49 fix(deps): [email protected]
• 48c7397 1.16.0
• 0c11fad Merge commit from fork
• See full diff in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for serve-static since your current version.

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Updates vue from 2.7.16 to 3.5.13

Release notes

Sourced from vue's releases.

v3.5.13

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.12

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.11

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.10

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.9

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.8

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.7

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.6

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.5

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.4

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.3

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.2

For stable releases, please refer to CHANGELOG.md for details. For pre-releases, please refer to CHANGELOG.md of the minor branch.

v3.5.1

For stable releases, please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vue's changelog.

3.5.13 (2024-11-15)

Bug Fixes

• compiler-core: handle v-memo + v-for with functional key (#12014) (99009ee), closes #12013
• compiler-dom: properly stringify template string style (#12392) (2d78539), closes #12391
• custom-element: avoid triggering mutationObserver when relecting props (352bc88), closes #12214 #12215
• deps: update dependency postcss to ^8.4.48 (#12356) (b5ff930)
• hydration: the component vnode's el should be updated when a mismatch occurs. (#12255) (a20a4cb), closes #12253
• reactiivty: avoid unnecessary watcher effect removal from inactive scope (2193284), closes #5783 #5806
• reactivity: release nested effects/scopes on effect scope stop (#12373) (bee2f5e), closes #12370
• runtime-dom: set css vars before user onMounted hooks (2d5c5e2), closes #11533
• runtime-dom: set css vars on update to handle child forcing reflow in onMount (#11561) (c4312f9)
• ssr: avoid updating subtree of async component if it is resolved (#12363) (da7ad5e), closes #12362
• ssr: ensure v-text updates correctly with custom directives in SSR output (#12311) (1f75d4e), closes #12309
• ssr: handle initial selected state for select with v-model + v-for option (#12399) (4f8d807), closes #12395
• teleport: handle deferred teleport update before mounted (#12168) (8bff142), closes #12161
• templateRef: set ref on cached async component which wrapped in KeepAlive (#12290) (983eb50), closes #4999 #5004
• test: update snapshot (#12169) (828d4a4)
• Transition: fix transition memory leak edge case (#12182) (660132d), closes #12181
• transition: reflow before leave-active class after leave-from (#12288) (4b479db), closes #2593
• types: defineEmits w/ interface declaration (#12343) (1022eab), closes #8457
• v-once: setting hasOnce to current block only when in v-once (#12374) (37300fc), closes #12371

Performance Improvements

• reactivity: do not track inner key `__v_skip`` (#11690) (d637bd6)
• runtime-core: use feature flag for call to resolveMergedOptions (#12163) (1755ac0)

3.5.12 (2024-10-11)

Bug Fixes

• compiler-dom: avoid stringify option with null value (#12096) (f6d9926), closes #12093
• compiler-sfc: do not skip TSInstantiationExpression when transforming props destructure (#12064) (d3ecde8)
• compiler-sfc: use sass modern api if available and avoid deprecation warning (#11992) (4474c11)
• compiler: clone loc to ifNode (#12131) (cde2c06), closes vuejs/language-tools#4911
• custom-element: properly remove hyphenated attribute (#12143) (e16e9a7), closes #12139
• defineModel: handle kebab-case model correctly (#12063) (c0418a3), closes #12060
• deps: update dependency monaco-editor to ^0.52.0 (#12119) (f7cbea2)
• hydration: provide compat fallback for idle callback hydration strategy (#11935) (1ae545a)
• reactivity: trigger reactivity for Map key undefined (#12055) (7ad289e), closes #12054
• runtime-core: allow symbol values for slot prop key (#12069) (d9d4d4e), closes #12068
• runtime-core: fix required prop check false positive for kebab-case edge cases (#12034) (9da1ac1), closes #12011
• runtime-dom: prevent unnecessary updates in v-model checkbox when value is unchanged (#12146) (ea943af), closes #12144

... (truncated)

Commits

• See full diff in compare view

Updates ws from 7.5.9 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.