Bump convict from 5.2.0 to 6.0.1

[dependabot]

Bumps convict from 5.2.0 to 6.0.1.

Changelog

Sourced from convict's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[6.0.0] - 2020-05-02

Changed

• [BREAKING] Multi-packages split #327 (A-312, Marc-Aurèle Darche @​madarche). There are now 3 packages: convict, convict-format-with-validator, convict-format-with-moment
• [BREAKING] Remove the json5 dependency and make it an optional parser #326 (A-312)
• Ease relying applications security fixes by using ^x.y.z range versions for Convict's dependencies and devDependencies, instead of exact/strict versions. Nowadays all applications should lock their dependencies and devDependencies using lock files such as package-lock.json. There is also tools such as npm audit fix that very easily and effectively fix vulnerabilites in version ranges. So, from now on, Convict will not put itself in the way, by leveraging Semantic Versioning to its maximum for dependencies and devDependencies. (Marc-Aurèle Darche @​madarche)

Fixed

• Fix multiple vulns by upgrading some deps (Cyrille Verrier @​cyrille-arundo, Marc-Aurèle Darche @​madarche)

Commits

• 7e068d8 v6.0.1
• 81771b3 ran npm audit fix
• dc17a2e Merge pull request #384 from 418sec/1-npm-convict
• 180d692 Merge pull request #1 from arjunshibu/master
• 688c46a Security fix for prototype pollution
• 95f4ab3 Fix lodash vuln by regenerating package-lock.json
• 9d90709 Use consistent code style
• 76f0f98 Fix typo (#375)
• a3eee35 Remove david-dm.org badges because not fitted
• fe80cf8 Add more keywords for convict package
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by dannycoates, a new releaser for convict since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[kodiakhq]

This PR currently has a merge conflict. Please resolve this and then re-add the automerge label.

[dependabot]

Superseded by #199.