Bump the npm_and_yarn group across 5 directories with 34 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
chromedriver	113.0.0	126.0.5
firebase-tools	9.23.3	13.6.0
karma	6.2.0	6.3.16
@babel/traverse	7.21.5	7.24.8
braces	3.0.2	3.0.3
gulp	4.0.2	5.0.0
webpack	4.43.0	5.93.0
browserify-sign	4.2.1	4.2.3
express	4.18.2	4.19.2

Bumps the npm_and_yarn group with 12 updates in the /authui-container directory:

Package	From	To
chromedriver	103.0.0	126.0.5
karma	6.4.0	6.4.3
minimist	1.2.6	1.2.8
@types/minimist	1.2.2	1.2.5
@babel/traverse	7.18.6	7.24.8
protobufjs	6.11.3	6.11.4
@grpc/grpc-js	1.6.7	1.11.1
braces	3.0.2	3.0.3
browserify-sign	4.2.1	4.2.3
express	4.18.1	4.19.2
postcss	7.0.39	8.4.39
css-loader	3.6.0	7.1.2

Bumps the npm_and_yarn group with 5 updates in the /sample/app directory:

Package	From	To
minimist	1.2.5	1.2.8
request	2.88.0	2.88.2
express	4.17.1	4.19.2
jsonwebtoken	9.0.0	9.0.2
qs	6.5.2	6.5.3

Bumps the npm_and_yarn group with 10 updates in the /sample/authui directory:

Package	From	To
@babel/traverse	7.18.6	7.24.8
protobufjs	6.11.3	6.11.4
@grpc/grpc-js	1.6.7	1.11.1
braces	3.0.2	3.0.3
@angular-devkit/build-angular	0.1002.1	18.1.1
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.15.1	1.15.6
socket.io	2.5.0	2.5.1
socket.io-parser	3.3.2	3.3.3
@angular/core	10.2.5	11.0.5

Bumps the npm_and_yarn group with 13 updates in the /sample/authui-firebaseui directory:

Package	From	To
node-forge	0.10.0	1.3.1
google-p12-pem	3.1.2	3.1.4
firebase-tools	9.21.0	13.6.0
@babel/traverse	7.15.4	7.24.8
braces	3.0.2	3.0.3
webpack	4.46.0	5.93.0
webpack-cli	3.3.12	5.1.4
ws	7.5.5	7.5.10
express	4.17.1	4.19.2
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
postcss	7.0.39	8.4.39
css-loader	3.6.0	7.1.2

Updates chromedriver from 113.0.0 to 126.0.5

Commits

• cb30986 Bump version to 126.0.5
• 70ba011 Bump version to 126.0.4
• f70f7b1 Bump version to 126.0.3
• 2851e58 Bump version to 126.0.2
• 4636441 Bump version to 126.0.1
• 50b1551 Update package-lock.json to fix dep
• 5e11bd4 Bump version to 126.0.0
• 6043aaf Remove node.js from build and scripts
• 6699ac7 Bump version to 125.0.3
• e7429c0 Use node 22 where possible in build
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by giggio, a new releaser for chromedriver since your current version.

Updates firebase-tools from 9.23.3 to 13.6.0

Release notes

Sourced from firebase-tools's releases.

v13.6.0

• Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
• Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
• Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#6895)
• Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#6917)

v13.5.2

• Fix hosting rewrite deployment bug for skipped functions (#6658).

v13.5.1

• Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#6874)

v13.5.0

• Enable dynamic debugger port for functions + support for inspecting multiple codebases (#6854)
• Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#6860)
• Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
• v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#6858)
• v2 event functions with explicit service accounts trigger eventarc to use that service account (#6859)

v13.4.1

• Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
• Fix demo projects + web frameworks with emulators (#6737)
• Fix Next.js static routes with server actions (#6664)
• Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#6801)
• Make VPC egress settings in functions parameterizeable (#6843)

v13.4.0

• Added new commands for managing Firestore backups and restoring databases. (#6778)
• Fixed quota attribution for Firebase Auth API calls. (#6819)

v13.3.1

• Release Cloud Firestore emulator v1.19.1:
  • Adds support for Datastore Mode to the Firstore Emulator. Adds --database-mode flag to gcloud emulator firestore start command. Note that this is a preview feature and if you find any bugs, please file them here: https://github.com/firebase/firebase-tools/issues.
• Improve FAH onboarding flow to connect backends with SCMs (#6764).
• Fixed issue where GitHub actions would fail due to lack of permission. (#6791)

v13.3.0

• Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
• Added support for Python 3.12. (#6679)
• Fixed issues with internal utilities. (#6754)
• Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

• Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

• Added rudimentary email enumeration protection for auth emulator. (#6702)

... (truncated)

Commits

• f6b7d05 13.6.0
• a26c3d0 Ignore quota project in GCF source uploads (#6917)
• 476bd33 Update to PubSub emulator 0.8.2 (#6916)
• ccab9b7 Add Service Usage Consumer role to GitHub Actions service account (#6895)
• 4c1bd42 Switching a few more places to getters (#6914)
• 6950829 Fix "could not assert Secret Manager permissions" Cloud Build error (#6904)
• 4a17ca7 Refactor api.ts file constants to getters (#6913)
• c6d1615 Update Firestore Emulator version (#6912)
• 90b6506 Vector config support (#6900)
• dc13cb9 make fetchLinkableGitRepositories get all linkable git repositories (#6889)
• Additional commits viewable in compare view

Updates karma from 6.2.0 to 6.3.16

Release notes

Sourced from karma's releases.

v6.3.16

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

v6.3.14

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

v6.3.12

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

... (truncated)

Changelog

Sourced from karma's changelog.

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes karma-runner/karma-coverage#434

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #3734

... (truncated)

Commits

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when singleRun and autoWatch are false
• 839578c fix(security): remove XSS vulnerability in returnUrl query param
• db53785 chore(release): 6.3.13 [skip ci]
• Additional commits viewable in compare view

Updates @babel/traverse from 7.21.5 to 7.24.8

Release notes

Sourced from @​babel/traverse's releases.

v7.24.8 (2024-07-11)

Thanks @​H0onnn, @​jkup and @​SreeXD for your first pull requests!

👓 Spec Compliance

• babel-parser
  • #16567 Do not use strict mode in TS declare (@​liuxingbaoyu)

🐛 Bug Fix

• babel-generator
  • #16630 Correctly print parens around in in for heads (@​nicolo-ribaudo)
  • #16626 Fix printing of comments in await using (@​nicolo-ribaudo)
  • #16591 fix typescript code generation for yield expression inside type expre… (@​SreeXD)
• babel-parser
  • #16613 Disallow destructuring assignment in using declarations (@​H0onnn)
  • #16490 fix: do not add .value: undefined to regexp literals (@​liuxingbaoyu)
• babel-types
  • #16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #16566 fix: Correctly handle export import x = (@​liuxingbaoyu)

💅 Polish

• babel-generator
  • #16625 Avoid unnecessary parens around async in for await (@​nicolo-ribaudo)
• babel-traverse
  • #16619 Avoid checking Scope.globals multiple times (@​liuxingbaoyu)

Committers: 9

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Jon Kuperman (@​jkup)
• Nagendran N (@​SreeXD)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​H0onnn
• @​liuxingbaoyu

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.8 (2024-07-11)

👓 Spec Compliance

• babel-parser
  • #16567 Do not use strict mode in TS declare (@​liuxingbaoyu)

🐛 Bug Fix

• babel-generator
  • #16630 Correctly print parens around in in for heads (@​nicolo-ribaudo)
  • #16626 Fix printing of comments in await using (@​nicolo-ribaudo)
  • #16591 fix typescript code generation for yield expression inside type expre… (@​SreeXD)
• babel-parser
  • #16613 Disallow destructuring assignment in using declarations (@​H0onnn)
  • #16490 fix: do not add .value: undefined to regexp literals (@​liuxingbaoyu)
• babel-types
  • #16615 Remove boolean props from ObjectTypeInternalSlot visitor keys (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #16566 fix: Correctly handle export import x = (@​liuxingbaoyu)

💅 Polish

• babel-generator
  • #16625 Avoid unnecessary parens around async in for await (@​nicolo-ribaudo)
• babel-traverse
  • #16619 Avoid checking Scope.globals multiple times (@​liuxingbaoyu)

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript

... (truncated)

Commits

• 1f5af44 v7.24.8
• c90bb0c [babel 8] Remove methods starting with _ in @babel/traverse (#16504)
• e0368a8 Avoid checking Scope.globals multiple times (#16619)
• 683c654 Enable some lint rules (#16605)
• cfe13c2 [babel 8] Update globals dependency (#16600)
• c36fa6a Update typescript-eslint v8 (#16557)
• 12619ff improve getBindingIdentifiers.keys typing (#16570)
• 424fc90 Update to TypeScript 5.5 (#16536)
• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• Additional commits viewable in compare view

Updates protobufjs from 6.11.2 to 6.11.3

Commits

• See full diff in compare view

Updates @grpc/grpc-js from 1.6.12 to 1.7.3

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.11.1

• Revert a change that used APIs that were not available in early minor versions of Node 14 (#2799 contributed by @​xqin)

@​grpc/grpc-js-xds 1.11.0

• Add xDS Servers (#2783)
  • Note: this is primarily a foundation for future features. It doesn't actually do much right now.
• Add support for dualstack socket support in xDS clients (#2665)

@​grpc/grpc-js 1.11.0

Changelog

• Add Server connection injection API as described in gRFC L114 (#2675)
• Implement support for an alternate DNS resolver that supports custom authorities (#2776 contributed by @​gkampitakis)
• Add a channel option to configure retry attempt limits (#2795)
• Add a getHost method to server call objects (#2783, #2793)
• Fix typos and omissions in service config validation errors (#2782 contributed by @​matthewbinshtok)

Experimental API changes

Added:

• splitHostPort
• HostPort
• createServerCredentialsWithInterceptors

@​grpc/grpc-js 1.10.11

• Fix a bug that caused clients to reconnect unnecessarily while no requests are pending. (#2784)
• Fix a bug that caused clients to fail to re-establish existing connections while waiting for DNS results (#2784)
• Fix a bug that caused servers to sometimes not close idle connections depending on timing (#2790)
• Fix a bug that caused calls to be pending indefinitely while unable to start after a channel is closed (#2791)

@​grpc/grpc-js 1.10.10

• Various improvements to handling of keepalive timers (#2760 by @​davidfiala)
• Fix a bug causing unary response client requests to hang when unexpectedly receiving multiple messages (#2772)
• Fix a bug causing some requests to fail when making requests through a local proxy (#2746 contributed by @​mjameswh, backported in #2777)
• Fix handling of URL-encoded user credentials in proxy configuration (#2761 contributed by @​brendan-myers, backported in #2777)
• Fix missing client-side handling of the grpc.max_send_message_length channel option (#2779)

@​grpc/grpc-js 1.10.9

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

• Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

• Improve reporting of HTTP error codes (#2723)
• Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

• Fix a bug that could cause a server to sometimes send the status early (#2708)

... (truncated)

Commits

• 43032b1 Merge pull request #2800 from murgatroid99/grpc-js_1.11.1
• 2ecd53d grpc-js: Bump to 1.11.1
• 4da4fdc Merge pull request #2799 from xqin/master
• 996a637 support node v14 again
• 87ea7ce Merge pull request #2797 from murgatroid99/grpc-js_1.11.0_real
• 2ee8911 grpc-js: Bump packages to 1.11.0, and update documentation
• 7e4c8f0 Merge pull request #2796 from murgatroid99/grpc-js_1.11.0
• bf8e071 grpc-js: Bump packages to 1.11.0, and update documentation
• e13d5e7 Merge pull request #2793 from murgatroid99/grpc-js_server_call_get_host
• d60f516 Merge pull request #2795 from murgatroid99/grpc-js_retry_limit_option
• Additional commits viewable in compare view

Updates axios from 1.4.0 to 1.7.2

Release notes

Sourced from axios's releases.

Release v1.7.2

Release notes:

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.1

Release notes:

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0

Release notes:

Features

• adapter: add fetch adapter; (#6371) (a3ff99b)

Bug Fixes

• core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Alexandre ABRIOUX

Release v1.7.0-beta.2

Release notes:

Bug Fixes

• fetch: capitalize HTTP method names; (#6395) (ad3174a)
• fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
• fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

• Dmitriy Mozgovoy

Release v1.7.0-beta.1

Release notes:

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.2 (2024-05-21)

Bug Fixes

• fetch: enhance fetch API detection; (#6413) (4f79aef)

Contributors to this release

• Dmitriy Mozgovoy

1.7.1 (2024-05-20)

Bug Fixes

• fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)

Contributors to this release

• Dmitriy Mozgovoy

1.7.0 (2024-05-19)

Features

• adapter: add fetch adapter; (#6371) (a3ff99b)

Bug Fixes

• core/axios: handle un-writable error stack (#6362) (81e0455)

Contributors to this release

• Dmitriy Mozgovoy
• Jay
• Alexandre ABRIOUX

1.7.0-beta.2 (2024-05-19)

Bug Fixes

• fetch: capitalize HTTP method names; (#6395) (ad3174a)
• fetch: fix & optimize progress capturing for cases when the request data has a nullish value or zero data length (#6400) (95a3e8e)
• fetch: fix headers getting from a stream response; (#6401) (870e0a7)

Contributors to this release

... (truncated)

Commits

• 0e4f9fa chore(release): v1.7.2 (#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (#6413)
• 67d1373 chore(release): v1.7.1 (#6411)
• 733f15f fix(fetch): fixed ReferenceError issue when TextEncoder is not available in t...
• 3041c61 [Release] v1.7.0 (#6408)
• 18b13cb chore(docs): add fetch adapter docs; (#6407)
• e62099b fix(fetch): fixed a possible memory leak in the AbortController for the strea...
• b49aa8e chore(release): v1.7.0-beta.2 (#6403)
• d57f03a chore(ci): bump create-pull-request version to fix a bug; (#6405)
• 097b0d1 chore(ci): add tag resolution for npm releases based on package version; (#6404)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates gulp from 4.0.2 to 5.0.0

Release notes

Sourced from gulp's releases.

gulp v5.0.0

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

• Drop support for Node.js <10.13
• Default stream encoding to UTF-8
• Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
• Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
• All globs and paths are normalized to unix-like filepaths
• Only allow JS variants for .gulp.* config files
• Removed support for alpha releases of v4 from gulp-cli
• Removed the --verify flag
• Renamed the --require flag to --preload to avoid conflicting with Node.js flags
• Removed many legacy and deprecated loaders
• Upgrade to chokidar v3
• Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
• Stop using process.umask() to make directories, instead falling back to Node's default mode
• Throw on non-function, non-string option coercers
• Drop support of Node.js snake_case flags
• Use a Symbol for attaching the gulplog namespace to the store
• Use a Symbol for attaching the gulplog store to the global
• Use sha256 to hash the v8flags cache into a filename

Features

• Streamlined the dependency tree
• Switch all streams implementation to Streamx
• Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
• Implement translation support for all CLI messages and all messages passing through gulplog
• Allow users to customize or remove the timestamp from their logs
• Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
• Added support for gulpile.cjs and gulpfile.mjs
• Add support for swc, esbuild, sucrase, and mdx loaders
• Provide an ESM export (#2760) (b00de68)
• Support sourcemap handling on streaming Vinyl contents
• Support extends syntax for .gulp.* config file
• Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

• Resolve bugs related to symlinks on various platforms
• Resolved some reported ReDoS CVEs and improved performance in glob-parent
• Rework errors surfaced when encountering files or symlinks when trying to create directories
• Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Changelog

Sourced from gulp's changelog.

5.0.0 (2024-03-29)

We've tried to provide a high-level changelog for gulp v5 below, but it doesn't contain all changes from the 60+ dependencies that we maintain.

Please see individual changelogs to drill down into all changes that were made.

⚠ BREAKING CHANGES

• Drop support for Node.js <10.13
• Default stream encoding to UTF-8
• Standardized on anymatch library for globbing paths. All globs should work the same between src and watch now!
• Removed support for ordered globs. This aligns with the chokidar globbing implementation. If you need your globs to be ordered, you can use ordered-read-stream
• All globs and paths are normalized to unix-like filepaths
• Only allow JS variants for .gulp.* config files
• Removed support for alpha releases of v4 from gulp-cli
• Removed the --verify flag
• Renamed the --require flag to --preload to avoid conflicting with Node.js flags
• Removed many legacy and deprecated loaders
• Upgrade to chokidar v3
• Clone Vinyl objects with stream contents using teex, but no longer wait for all streams to flow before cloned streams will receive data
• Stop using process.umask() to make directories, instead falling back to Node's default mode
• Throw on non-function, non-string option coercers
• Drop support of Node.js snake_case flags
• Use a Symbol for attaching the gulplog namespace to the store
• Use a Symbol for attaching the gulplog store to the global
• Use sha256 to hash the v8flags cache into a filename

Features

• Streamlined the dependency tree
• Switch all streams implementation to Streamx
• Rewrote glob-stream to use a custom directory walk that relies on newer Node.js features and is more performant than old implementation
• Implement translation support for all CLI messages and all messages passing through gulplog
• Allow users to customize or remove the timestamp from their logs
• Upgraded gulplog to v2. Messages logged via v1 will also display a deprecated warning. Plugins should update to v2 as the community upgrades to gulp 5
• Added support for gulpile.cjs and gulpfile.mjs
• Add support for swc, esbuild, sucrase, and mdx loaders
• Provide an ESM export (#2760) (b00de68)
• Support sourcemap handling on streaming Vinyl contents
• Support extends syntax for .gulp.* config file
• Allow overriding gulpfile and preloads via .gulp.* config file

Bug Fixes

• Resolve bugs related to symlinks on various platforms
• Resolved some reported ReDoS CVEs and improved performance in glob-parent
• Rework errors surfaced when encountering files or symlinks when trying to create directories
• Ensure watch allows japanese characters in globs (72668c6)

... (truncated)

Commits

• 5c4c547 chore: Release 5.0.0 (#2762)
• bf72116 chore: Add index.mjs to files list