Bump the npm_and_yarn group across 1 directory with 16 updates

[dependabot]

Bumps the npm_and_yarn group with 10 updates in the /backend/functions directory:

Package	From	To
lodash	4.17.13	4.17.21
request	2.88.0	2.88.2
@google-cloud/firestore	1.3.0	7.5.0
firebase-admin	7.0.0	12.0.0
semver	5.7.0	5.7.2
debug	4.1.1	4.3.4
express	4.17.1	4.19.2
minimatch	3.0.4	3.1.2
minimist	0.0.8	1.2.8
mkdirp	0.5.1	0.5.6

Updates lodash from 4.17.13 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates request from 2.88.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

Commits

• See full diff in compare view

Updates @google-cloud/firestore from 1.3.0 to 7.5.0

Release notes

Sourced from @​google-cloud/firestore's releases.

v7.5.0

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

v7.4.0

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)
• A new message DailyRecurrence is added (6bced86)
• A new message DeleteBackupRequest is added (6bced86)
• A new message DeleteBackupScheduleRequest is added (6bced86)
• A new message GetBackupRequest is added (6bced86)
• A new message GetBackupScheduleRequest is added (6bced86)
• A new message ListBackupSchedulesRequest is added (6bced86)
• A new message ListBackupSchedulesResponse is added (6bced86)
• A new message ListBackupsRequest is added (6bced86)
• A new message ListBackupsResponse is added (6bced86)
• A new message RestoreDatabaseMetadata is added (6bced86)
• A new message RestoreDatabaseRequest is added (6bced86)
• A new message UpdateBackupScheduleRequest is added (6bced86)
• A new message WeeklyRecurrence is added (6bced86)
• A new method CreateBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new method DeleteBackup is added to service FirestoreAdmin (6bced86)
• A new method DeleteBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new method GetBackup is added to service FirestoreAdmin (6bced86)
• A new method GetBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new method ListBackups is added to service FirestoreAdmin (6bced86)
• A new method ListBackupSchedules is added to service FirestoreAdmin (6bced86)
• A new method RestoreDatabase is added to service FirestoreAdmin (6bced86)
• A new method UpdateBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new resource_definition firestore.googleapis.com/Backup is added (6bced86)
• A new resource_definition firestore.googleapis.com/BackupSchedule is added (6bced86)
• Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#2013) (e598b9d)

Bug Fixes

• ReadOnly transaction do not need to commit not rollback. (#2007) (6a220a6)
• Update service definitions (#2016) (ea4b6d0)

... (truncated)

Changelog

Sourced from @​google-cloud/firestore's changelog.

7.5.0 (2024-03-25)

Features

• Protos and autogen client for vector (#2027) (c65cef0)
• Query Profile (#2014) (9a45ec8)

7.4.0 (2024-03-15)

Features

• A new message Backup is added (#2021) (6bced86)
• A new message BackupSchedule is added (6bced86)
• A new message CreateBackupScheduleRequest is added (6bced86)
• A new message DailyRecurrence is added (6bced86)
• A new message DeleteBackupRequest is added (6bced86)
• A new message DeleteBackupScheduleRequest is added (6bced86)
• A new message GetBackupRequest is added (6bced86)
• A new message GetBackupScheduleRequest is added (6bced86)
• A new message ListBackupSchedulesRequest is added (6bced86)
• A new message ListBackupSchedulesResponse is added (6bced86)
• A new message ListBackupsRequest is added (6bced86)
• A new message ListBackupsResponse is added (6bced86)
• A new message RestoreDatabaseMetadata is added (6bced86)
• A new message RestoreDatabaseRequest is added (6bced86)
• A new message UpdateBackupScheduleRequest is added (6bced86)
• A new message WeeklyRecurrence is added (6bced86)
• A new method CreateBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new method DeleteBackup is added to service FirestoreAdmin (6bced86)
• A new method DeleteBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new method GetBackup is added to service FirestoreAdmin (6bced86)
• A new method GetBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new method ListBackups is added to service FirestoreAdmin (6bced86)
• A new method ListBackupSchedules is added to service FirestoreAdmin (6bced86)
• A new method RestoreDatabase is added to service FirestoreAdmin (6bced86)
• A new method UpdateBackupSchedule is added to service FirestoreAdmin (6bced86)
• A new resource_definition firestore.googleapis.com/Backup is added (6bced86)
• A new resource_definition firestore.googleapis.com/BackupSchedule is added (6bced86)
• Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#2013) (e598b9d)

Bug Fixes

• ReadOnly transaction do not need to commit not rollback. (#2007) (6a220a6)
• Update service definitions (#2016) (ea4b6d0)

7.3.1 (2024-03-04)

... (truncated)

Commits

• 1d751a8 chore(main): release 7.5.0 (#2030)
• 9a45ec8 feat: Query Profile (#2014)
• c65cef0 feat: Protos and autogen client for vector (#2027)
• 319adc3 chore(main): release 7.4.0 (#2008)
• 6bced86 feat: A new message Backup is added (#2021)
• eb3d55c chore: include dayofweek proto in update.sh (#2022)
• ea4b6d0 fix: update service definitions (#2016)
• e598b9d feat: add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionSta...
• 6a220a6 fix: ReadOnly transaction do not need to commit not rollback. (#2007)
• 4ad7750 chore(main): release 7.3.1 (#2001)
• Additional commits viewable in compare view

Updates firebase-admin from 7.0.0 to 12.0.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.0.0

• Breaking change: Upgraded the @google-cloud/firestore package to v7. This is a breaking change. Refer to the Cloud Firestore release notes for more details.

• Breaking change: Upgraded the @google-cloud/storage package to v7. This is a breaking change. Refer to the Cloud Storage release notes for more details.

• Breaking change: Upgraded TypeScript to v5.1.6.

• Deprecated support for Node.js 14. Instead use Node.js 16 or higher when deploying the Admin SDK. Node.js 14 support will be dropped in the next major version.

• Upgraded the google-cloud/firestore dependency to v7.1.0 to support sum() and `average() aggregation functions.

• Upgraded the @firebase/database-compat package to v1.

• Dropped AutoML model support (#1974)

Bug Fixes

• fix(firestore): Export new aggregate types (#2396)

Miscellaneous

• [chore] Release 12.0.0 (#2404)
• chore: Deprecate Node.js 14 (#2397)
• build(deps): Bump typescript, database-compat (#2403)
• build(deps-dev): bump @​types/firebase-token-generator (#2399)
• build(deps-dev): bump sinon and @​types/sinon (#2398)
• build(deps-dev): bump @​types/mocha from 10.0.1 to 10.0.6 (#2400)
• build(deps-dev): bump @​types/minimist from 1.2.2 to 1.2.5 (#2389)
• build(deps-dev): bump @​types/request from 2.48.8 to 2.48.12 (#2390)
• chore(deps): bump google-cloud/firestore and google-cloud/storage

Firebase Admin Node.js SDK v11.11.1

Miscellaneous

• [chore] Release 11.11.1 (#2387)
• build(deps): bump jwks-rsa from 3.0.1 to 3.1.0 (#2381)
• chore(deps): bump google-cloud/firestore to 6.8.0 (#2385)
• build(deps-dev): bump @​microsoft/api-extractor from 7.36.3 to 7.38.3 (#2380)
• build(deps-dev): bump @​types/sinon-chai from 3.2.9 to 3.2.12 (#2366)
• build(deps-dev): bump @​babel/traverse from 7.21.4 to 7.23.2 (#2343)
• build(deps-dev): bump eslint from 8.50.0 to 8.51.0 (#2330)
• build(deps-dev): bump @​types/firebase-token-generator (#2322)
• Bug Fix for issue #2320 (#2321)

Firebase Admin Node.js SDK v11.11.0

New Features

• feat(auth): Add Email Privacy support in Project and Tenant config (#2198)

Miscellaneous

... (truncated)

Commits

• 6bde095 [chore] Release 12.0.0 (#2404)
• a8d9d42 chore: Deprecate Node.js 14 (#2397)
• 14dea58 build(deps): Bump typescript, database-compat (#2403)
• b334dca build(deps-dev): bump @​types/firebase-token-generator (#2399)
• 653f014 build(deps-dev): bump sinon and @​types/sinon (#2398)
• 8b98b79 build(deps-dev): bump @​types/mocha from 10.0.1 to 10.0.6 (#2400)
• de00635 fix(firestore): Export new aggregate types (#2396)
• bc1e522 build(deps-dev): bump @​types/minimist from 1.2.2 to 1.2.5 (#2389)
• b9bdb47 build(deps-dev): bump @​types/request from 2.48.8 to 2.48.12 (#2390)
• ffae70c change(ml): Drop the feature to publish from an AutoML Model (#1974)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for firebase-admin since your current version.

Updates semver from 5.7.0 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• c83c18c 5.7.1
• 956e228 Correct typo in README
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates ansi-regex from 2.1.1 to 3.0.0

Commits

• 0a8cc19 3.0.0
• d9d806e Minor tweaks
• 69bebf6 Support urxvt escapes (#13)
• 3dff5e7 Use Map instead of Object for the fixtures
• baacbab Require Node.js 4 and meta tweaks
• See full diff in compare view

Updates debug from 4.1.1 to 4.3.4

Release notes

Sourced from debug's releases.

4.3.4

What's Changed

• Add section about configuring JS console to show debug messages by @​gitname in debug-js/debug#866
• Replace deprecated String.prototype.substr() by @​CommanderRoot in debug-js/debug#876

New Contributors

• @​gitname made their first contribution in debug-js/debug#866
• @​CommanderRoot made their first contribution in debug-js/debug#876

Full Changelog: debug-js/debug@4.3.3...4.3.4

4.3.3

Patch Release 4.3.3

This is a documentation-only release. Further, the repository was transferred. Please see notes below.

• Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
• Updates repository maintainership information
• Updates the copyright (no license terms change has been made)
• Removes accidental epizeuxis (#828)
• Adds README section regarding usage in child procs (#850)

Thank you to @​taylor1791 and @​kristofkalocsai for their contributions.

---

Repository Migration Information

I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.

Q: What impact will this have on me?

In most cases, you shouldn't notice any change.

The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.

Q: What are the security implications of this change?

If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@​qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.

Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).

Q: What should I do if I encounter an issue related to the migration?

Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.

Q: Why was this done as a 'patch' release? Isn't this breaking?

No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.

Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.

... (truncated)

Commits

• da66c86 4.3.4
• 9b33412 replace deprecated String.prototype.substr() (#876)
• c0805cc add section about configuring JS console to show debug messages (#866)
• 043d3cd 4.3.3
• 4079aae update license and more maintainership information
• 19b36c0 update repository location + maintainership information
• f851b00 adds README section regarding usage in child procs (#850)
• d177f2b Remove accidental epizeuxis
• e47f96d 4.3.2
• 1e9d38c cache enabled status per-logger (#799)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by qix, a new releaser for debug since your current version.

Updates express from 4.17.1 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates jsonwebtoken from 8.1.0 to 8.5.1

Changelog

Sourced from jsonwebtoken's changelog.

8.5.1 - 2019-03-18

Bug fix

• fix: ensure correct PS signing and verification (#585) (e5874ae428ffc0465e6bd4e660f89f78b56a74a6), closes #585

Docs

• README: fix markdown for algorithms table (84e03ef70f9c44a3aef95a1dc122c8238854f683)

8.5.0 - 2019-02-20

New Functionality

• feat: add PS JWA support for applicable node versions (#573) (eefb9d9c6eec54718fa6e41306bda84788df7bec), closes #573
• Add complete option in jwt.verify (#522) (8737789dd330cf9e7870f4df97fd52479adbac22), closes #522

Test Improvements

• Add tests for private claims in the payload (#555) (5147852896755dc1291825e2e40556f964411fb2), closes #555
• Force use_strict during testing (#577) (7b60c127ceade36c33ff33be066e435802001c94), closes #577
• Refactor tests related to jti and jwtid (#544) (7eebbc75ab89e01af5dacf2aae90fe05a13a1454), closes #544
• ci: remove nsp from tests (#569) (da8f55c3c7b4dd0bfc07a2df228500fdd050242a), closes #569

Docs

• Fix 'cert' token which isn't a cert (#554) (0c24fe68cd2866cea6322016bf993cd897fefc98), closes #554

8.4.0 - 2018-11-14

New Functionality

• Add verify option for nonce validation (#540) (e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0), closes #540

Bug Fixes

• Updating Node version in Engines spec in package.json (#528) (cfd1079305170a897dee6a5f55039783e6ee2711), closes #528 #509
• Fixed error message when empty string passed as expiresIn or notBefore option (#531) (7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76), closes #531

Docs

• Update README.md (#527) (b76f2a80f5229ee5cde321dd2ff14aa5df16d283), closes #527
• Update README.md (#538) (1956c4006472fd285b8a85074257cbdbe9131cbf), closes #538
• Edited the README.md to make certain parts of the document for the api easier to read, emphasizing the examples. (#548) (dc89a641293d42f72ecfc623ce2eabc33954cb9d), closes #548
• Document NotBeforeError (#529) (29cd654b956529e939ae8f8c30b9da7063aad501), closes #529

Test Improvements

• Use lolex for faking date in tests (#491) (677ead6d64482f2067b11437dda07309abe73cfa), closes #491

... (truncated)

Commits

• 7f1f8b4 8.5.1
• e5874ae fix: ensure correct PS signing and verification (#585)
• 84e03ef README: fix markdown for algorithms table
• 1c0de55 8.5.0
• eefb9d9 feat: add PS JWA support for applicable node versions (#573)
• 8737789 Add complete option in jwt.verify (#522)
• 7b60c12 Force use_strict during testing (#577)
• 0c24fe6 Fix 'cert' token which isn't a cert (#554)
• da8f55c ci: remove nsp from tests (#569)
• 5147852 Add tests for private claims in the payload (#555)
• Additional commits viewable in compare view

Updates node-forge from 0.7.4 to 1.3.1

Changelog

Sourced from node-forge's changelog.

1.3.1 - 2022-03-29

Fixes

• RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters for sha* algorithms and require NULL paramters for md2 and md5 algorithms.

1.3.0 - 2022-03-17

Security

• Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
• HIGH: Leniency in checking digestAlgorithm structure can lead to signature forgery.
  • The code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24771
  • GHSA ID: GHSA-cfm4-qjh2-4765
• HIGH: Failing to check tailing garbage bytes can lead to signature forgery.
  • The code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.
  • CVE ID: CVE-2022-24772
  • GHSA ID: GHSA-x4jg-mjrx-434g
• MEDIUM: Leniency in checking type octet.
  • DigestInfo is not properly checked for proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
  • CVE ID: CVE-2022-24773
  • GHSA ID: GHSA-2r2c-g63r-vccr

Fixed

• [asn1] Add fallback to pretty print invalid UTF8 data.
• [asn1] fromDer is now more strict and will default to ensuring all input bytes are parsed or throw an error. A new option parseAllBytes can disable this behavior.
  • NOTE: The previous behavior is being changed since it can lead to security issues with crafted inputs. It is possible that code doing custom DER parsing may need to adapt to this new behavior and optional flag.
• [rsa] Add and use a validator to check for proper structure of parsed ASN.1

... (truncated)

Commits

• a0a4a42 Release 1.3.1.
• a33830f Update changelog.
• 740954d Allow optional DigestAlgorithm parameters.
• 56f4316 Allow DigestInfo.DigestAlgorith.parameters to be optional
• cbf0bd5 Start 1.3.1-0.
• 6c5b901 Release 1.3.0.
• 0f3972a Update changelog.
• dc77b39 Fix error checking.
• bb822c0 Add advisory links.

[dependabot]

Superseded by #20.