Bump lodash, inquirer and swagger-tools

[dependabot]

Bumps lodash to 4.17.21 and updates ancestor dependencies lodash, inquirer and swagger-tools. These dependencies need to be updated together.

Updates lodash from 2.4.2 to 4.17.21

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll') B) require('lodash/utility/bindAll') C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };
</tr></table> 

... (truncated)

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates inquirer from 0.5.1 to 9.2.12

Release notes

Sourced from inquirer's releases.

[email protected]

• Modified lodash imports to help with tree-shaking
• Replace unmaintained through dependency (only affect users of the old bottom bar)

[email protected]

Fix issue with the default value disappearing from prompt.

[email protected]

Inquirer is now a native Node ECMAScript module. This will require your Node runtime to support es modules, and your app to be an es module. Node documentation over here: https://nodejs.org/api/esm.html#modules-ecmascript-modules

If you cannot migrate, please remember you can keep using the v8.x release line until you're ready.

[email protected]

• Bugfix: Fix a dependency who became ESM only

[email protected]

• Fix line wrapping with using with terminal links
• Fix number prompt not working with negative numbers

[email protected]

Fix bugs with the rawlist

[email protected]

• Fix bug when using both arrow keys and number keys on the rawList prompt.
• Dependencies bump

[email protected]

• checkbox prompt: Update the help message to be more complete. And the help message is now shown until a selection is made.

[email protected]

Fix older Node version compatibility issue.

[email protected]

• Fix an error being thrown inside the rawlist prompt

[email protected]

Bug Fixes

• Fix password prompt appearing when doing async filtering/validation
• User being prompted a question even though it was answered when using nested answer object format.
• Fix extra space appearing when using custom prefix.

And bump of all dependencies.

[email protected]

• Fix bug on rawList prompt
• Bump dependencies

[email protected]

Fix: Number prompt default behavior.

... (truncated)

Commits

• a318aec Publish
• a0cdb89 Feat (checkbox): Support validate config (#1319)
• ee56951 Chore: Bump dependencies
• 1b3df3a Feat (select): Allow default config in Select prompt (#1329)
• 1c4c80a Chore: Bump dependencies
• 172dabe Chore(deps): Bump get-func-name from 2.0.0 to 2.0.2 (#1320)
• 41e2bf8 Chore(deps): Bump postcss from 8.4.29 to 8.4.31 (#1321)
• 6fb4d9c Checkbox - add validation if no choice is selected (#1316)
• 3fff3fa Chore: Bump dependencies
• f6a3c50 Chore: Clean anti-patterns of early returns in long functions
• Additional commits viewable in compare view

Updates swagger-tools from 0.8.7 to 0.10.4

Changelog

Sourced from swagger-tools's changelog.

0.10.4 (2018-07-20)

• Fix issue where an object with a length property was incorrectly traversed (Issue #557)
• Remove string dependency (PR #542)

0.10.3 (2017-10-13)

• Remove support for nested controllers (Issue #537, #540)

0.10.2 (2017-10-10)

• Added support for nested controllers (PR #422, Issue #283)
• Fix issue where async controllers were not identified properly (Issue #443)
• Fix issue where the failedValidation property was not set for Content-Type request validation errors (PR #420)
• Fix issue where array body parameters would coerce non-array types into an array _(Issue #438)
• Fix issue where swagger-ui shows an error icon trying to validate a swagger doc for an internal API (Issue #323, #370, #526)
• Updated dependencies for security vulnerabilities (Issue #384, #535)

0.10.1 (2016-02-24)

• Fix issue with initializing middleware with an invalid Swagger document (Issue 355)

0.10.0 (2016-02-22)

• Bring back 84b3e83 which was reverted in 0.9.16

0.9.16 (2016-02-22)

• Fix a bug where file parameters could produce a runtime error if req.files was empty, which can happen if you do not provide the parameter (Issue #350)
• Revert v0.9.14 release (We will be adding it back for 0.10.0. Long story short, forces that I do not control require that I remove this fix and put it into a minor release instead to avoid upstream projects we do not maintain all the sudden reporting errors in response validation that didn't previously report them. I am sorry for having to do this, it was not my idea and I was against it completely.)

0.9.15 (2016-02-15)

• Fixed an issue where multer.any() resulted in file parameters not being found properly (Issue 348)
• Updated swagger-ui (Issue #349)

v0.9.14 (2016-02-05)

• Fixed an issue where string an Array passed as a String wasn't handled properly (PR 341)

v0.9.13 (2016-02-02)

• Upgrade json-refs for upstream bug fixes

v0.9.12 (2016-02-02)

... (truncated)

Commits

• 9c18858 v0.10.4
• 12f4c55 Preparing for 0.10.4 release
• 361c1f6 fix: incorrectly traversing of object with length property (#557)
• 60a7aee Lock commander.js to 2.11.x due to handling --no-* options
• f3650ec fix typos (#556)
• 0cea535 Update NSP exceptions for PR #542
• 187559d Update release notes for PR #542
• 857bf43 Remove stringjs dependency due to vulnerability in string 3.3. It is … (#542)
• 3d0a607 v0.10.3
• e546a28 Preparing for release
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.