Bump lodash and 3box

[dependabot]

Bumps lodash to 4.17.23 and updates ancestor dependency 3box. These dependencies need to be updated together.

Updates lodash from 4.17.15 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates 3box from 1.16.1 to 1.22.2

Release notes

Sourced from 3box's releases.

Release v1.22.0

Release notes

• chore: upgrade [email protected]
• fix: logout, clean up prior login state
• chore: deprecate isLoggedIn, simply call auth, will return existing user if available
• fix: another datastore path, resolves "key not found error"

Release v1.21.0

This release features a shared ipfs and orbitdb cache which will improve sync performance when using 3box across multiple apps.

Release notes

• feat: shared ipfs and orbitdb iframe cache for faster auth/openbox and syncs
• fix: ledger support

Release v1.20.3

This release upgrades ipfs to 0.46.0, adds a fix that may allow some very early 3box accounts to be loaded/synced again, and downgrades libp2p-pubsub as temporary fix for connect/gossipsub errors.

Release Notes

• fix: timeout adress links which dont resolve ipfs.dag.get
• chore: up ipfs 0.46.0
• fix: downgrade libp2p-pubsub, 0.4.7 throwing error

3Box v1.20.0

This release brings new IPFS features/performance in [email protected], and decreases bundled size by 1mb. Based on feedback from our first 3ID-Connect release, this brings a new more lightweight version and refactor. With these changes you need to pass a provider (as before) when creating or authenticating. The function get3idConnectProvider() is no longer available, when passing a provider we create a 3ID-Connect provider in the background. The recommended way to initialize a session is now as follows.

// On page load create
const box = await Box.create()
// Later authenticate user
const spaces = ['myDapp']
await box.auth(spaces, { address: '0x12345abcde', provider: ethProvider })

Release Notes

• feat: default to 3ID-Connect, pass an eth provider and 3id-connect will be created in background
• feat: supported function for browser feature support detection
• ref: pass a provider at box.auth instead of Box.create, so create can be called on page load.
• chore: upgrade to ipfs 0.44.0, libp2p-webrtc
• feat: ghostpinbot pass address
• ref: link address on auth

3Box v1.19.0

Release Notes

v1.19.0 - 2020-05-12

• chore: upgrade did-jwt and did resolver libraries

3Box v1.17.1

... (truncated)

Changelog

Sourced from 3box's changelog.

Release Notes

v1.22.0 - 2020-09-14

• chore: upgrade [email protected]
• fix: logout, clean up prior login state
• chore: deprecate isLoggedIn, simply call auth, will return existing user if available
• fix: another datastore path, resolves "key not found error"

v1.21.0 - 2020-08-06

• feat: shared ipfs and orbitdb iframe cache for faster auth/openbox and syncs
• fix: ledger support

v1.20.3 - 2020-07-13

This release upgrades ipfs to 0.46.0, adds a fix that may allow some older accounts to be loaded/synced again, and downgrades libp2p-pubsub as temporary fix for connect/gossipsub errors.

• fix: timeout adress links which dont resolve ipfs.dag.get
• chore: up ipfs 0.46.0
• fix: downgrade libp2p-pubsub, 0.4.7 throwing error

v1.20.2 - 2020-07-09

Fixes getting verified accounts (getVerifiedAccounts)

• fix: pass correct ipfs mock to resolve did

v1.20.1 - 2020-06-23

• fix: bump libp2p-pubsub

v1.20.0 - 2020-06-15

This release brings new IPFS features/performance in 0.44.0, and decreases bundled size by 1mb. Based on feedback from our first 3ID-Connect release, this brings a new more lightweight version and refactor. With these changes you need to pass a provider (as before) when creating or authenticating. The function get3idConnectProvider() is no longer available, when passing a provider we create a 3ID-Connect provider in the background. The recommended way to initialize a session is now as follows.

// On page load create
const box = await Box.create()
// Later authenticate user
const spaces = ['myDapp']
await box.auth(spaces, { address: '0x12345abcde', provider: ethProvider })

• feat: default to 3ID-Connect, pass an eth provider and 3id-connect will be created in background
• feat: supported function for browser feature support detection
• ref: pass a provider at box.auth instead of Box.create, so create can be called on page load.
• chore: upgrade to ipfs 0.44.0, libp2p-webrtc
• feat: ghostpinbot pass address
• ref: link address on auth

v1.19.0 - 2020-05-12

• chore: upgrade did-jwt and did resolver libraries

... (truncated)

Commits

• 9b8e538 fix: ensure correct rootstore address (#922)
• a718b50 fix: make sure hash is hex (#918)
• c3f36e6 Merge pull request #917 from 3box/release/v1.22.0
• 08670ca release v1.22.0
• d010570 Merge pull request #914 from 3box/fix/ipfs-datastore-key-not-found
• dcbde39 Merge pull request #913 from 3box/fix/logout-state
• 9aa9d3c Merge pull request #911 from 3box/chore/up-ipfslog-orbitdb-25
• 3c17a11 fix: another datastore path, for upgrade, key not found fix
• f35672c chore: depracate isLoggedIn
• cc2acc9 fix: fix logout, cleanup all state
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.