Bump jszip from 2.6.1 to 2.7.0 (#141)

dependabot[bot] · facebook-github-bot · commit 9d11ca4a74af · 2022-09-09T10:38:11.000-07:00
Summary: Bumps [jszip](https://github.com/Stuk/jszip) from 2.6.1 to 2.7.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stuk/jszip/blob/main/CHANGES.md">jszip's changelog</a>.</em></p> <blockquote> <hr /> <h2>title: Changelog layout: default section: main</h2> <h3>v3.10.1 2022-08-02</h3> <ul> <li>Add sponsorship files. <ul> <li>If you appreciate the time spent maintaining JSZip then I would really appreciate <a href="https://github.com/sponsors/Stuk">your sponsorship</a>.</li> </ul> </li> <li>Consolidate metadata types and expose OnUpdateCallback <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/851">#851</a> and <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/852">#852</a></li> <li>use <code>const</code> instead <code>var</code> in example from README.markdown <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/828">#828</a></li> <li>Switch manual download link to HTTPS <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/839">#839</a></li> </ul> <p>Internals:</p> <ul> <li>Replace jshint with eslint <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/842">#842</a></li> <li>Add performance tests <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/834">#834</a></li> </ul> <h3>v3.10.0 2022-05-20</h3> <ul> <li>Change setimmediate dependency to more efficient one. Fixes <a href="https://github-redirect.dependabot.com/Stuk/jszip/issues/617">Stuk/jszip#617</a> (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/829">#829</a>)</li> <li>Update types of <code>currentFile</code> metadata to include <code>null</code> (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/826">#826</a>)</li> </ul> <h3>v3.9.1 2022-04-06</h3> <ul> <li>Fix recursive definition of <code>InputFileFormat</code> introduced in 3.9.0.</li> </ul> <h3>v3.9.0 2022-04-04</h3> <ul> <li>Update types JSZip#loadAsync to accept a promise for data, and remove arguments from <code>new JSZip()</code> (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/752">#752</a>)</li> <li>Update types for <code>compressionOptions</code> to JSZipFileOptions and JSZipGeneratorOptions (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/722">#722</a>)</li> <li>Add types for <code>generateInternalStream</code> (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/774">#774</a>)</li> </ul> <h3>v3.8.0 2022-03-30</h3> <ul> <li>Santize filenames when files are loaded with <code>loadAsync</code>, to avoid <a href="https://snyk.io/research/zip-slip-vulnerability">&quot;zip slip&quot; attacks</a>. The original filename is available on each zip entry as <code>unsafeOriginalName</code>. See the <a href="https://stuk.github.io/jszip/documentation/api_jszip/load_async.html">documentation</a>. Many thanks to McCaulay Hudson for reporting.</li> </ul> <h3>v3.7.1 2021-08-05</h3> <ul> <li>Fix build of <code>dist</code> files. <ul> <li>Note: this version ensures the changes from 3.7.0 are actually included in the <code>dist</code> files. Thanks to Evan W for reporting.</li> </ul> </li> </ul> <h3>v3.7.0 2021-07-23</h3> <ul> <li>Fix: Use a null prototype object for this.files (see <a href="https://github-redirect.dependabot.com/Stuk/jszip/pull/766">#766</a>) <ul> <li>This change might break existing code if it uses prototype methods on the <code>.files</code> property of a zip object, for example <code>zip.files.toString()</code>. This approach is taken to prevent files in the zip overriding object methods that would exist on a normal object.</li> </ul> </li> </ul> <h3>v3.6.0 2021-02-09</h3> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Stuk/jszip/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jszip&package-manager=npm_and_yarn&previous-version=2.6.1&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/relayjs/relay-devtools/network/alerts). </details> Pull Request resolved: #141 Reviewed By: alunyov Differential Revision: D39356044 Pulled By: tyao1 fbshipit-source-id: 35611dd88059866f42a8371ead32f95fad587636
diff --git a/yarn.lock b/yarn.lock
@@ -6727,9 +6727,9 @@ jsx-ast-utils@^2.2.1:
     object.assign "^4.1.0"
 
 jszip@^2.4.0:
-  version "2.6.1"
-  resolved "https://registry.yarnpkg.com/jszip/-/jszip-2.6.1.tgz#b88f3a7b2e67a2a048152982c7a3756d9c4828f0"
-  integrity sha1-uI86ey5noqBIFSmCx6N1bZxIKPA=
+  version "2.7.0"
+  resolved "https://registry.yarnpkg.com/jszip/-/jszip-2.7.0.tgz#c420b1e1aa800490724a0dd277e8cca950bc2c41"
+  integrity sha512-JIsRKRVC3gTRo2vM4Wy9WBC3TRcfnIZU8k65Phi3izkvPH975FowRYtKGT6PxevA0XnJ/yO8b0QwV0ydVyQwfw==
   dependencies:
     pako "~1.0.2"
 
@@ -8149,9 +8149,9 @@ package-json@^6.3.0:
     semver "^6.2.0"
 
 pako@~1.0.2, pako@~1.0.5:
-  version "1.0.10"
-  resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.10.tgz#4328badb5086a426aa90f541977d4955da5c9732"
-  integrity sha512-0DTvPVU3ed8+HNXOu5Bs+o//Mbdj9VNQMUOe9oKCwh8l0GNwpTDMKCWbRjgtD291AWnkAgkqA/LOnQS8AmS1tw==
+  version "1.0.11"
+  resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf"
+  integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
 
 parallel-transform@^1.1.0:
   version "1.2.0"
