[Security] Bump hosted-git-info from 2.8.5 to 2.8.9

[dependabot-preview]

Bumps hosted-git-info from 2.8.5 to 2.8.9. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service in hosted-git-info The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

Affected versions: < 2.8.9

Changelog

Sourced from hosted-git-info's changelog.

2.8.9 (2021-04-07)

Bug Fixes

• backport regex fix from #76 (29adfe5), closes #84

2.8.8 (2020-02-29)

Bug Fixes

• #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

2.8.7 (2020-02-26)

Bug Fixes

• Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
• Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

2.8.6 (2020-02-25)

Commits

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from #76
• afeaefd chore(release): 2.8.8
• 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
• 7440afa chore(release): 2.8.7
• 2d0bb66 fix: Do not attempt to use url.URL when unavailable
• f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
• e1b83df chore(release): 2.8.6
• ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
• See full diff in compare view

Maintainer changes

This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request during working hours.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/manifold/ui/F224UD5QkqUfen6X5sJLSqDjWcCP
✅ Preview: https://ui-git-dependabot-npmandyarnhosted-git-info-289-manifold.vercel.app

[dependabot-preview]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

• changelog

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[codecov]

Codecov Report

Merging #1084 (cc582ad) into master (0c9fa08) will decrease coverage by 0.71%.
The diff coverage is 87.17%.

@@            Coverage Diff             @@
##           master    #1084      +/-   ##
==========================================
- Coverage   79.46%   78.74%   -0.72%     
==========================================
  Files          81       80       -1     
  Lines        1534     1722     +188     
  Branches      394      462      +68     
==========================================
+ Hits         1219     1356     +137     
- Misses        281      361      +80     
+ Partials       34        5      -29     

Impacted Files	Coverage Δ
...ld-data-provision-button/create-with-owner.graphql	100.00% <ø> (ø)
src/data/resource.tsx	75.00% <ø> (ø)
src/utils/marketplace.ts	37.50% <ø> (ø)
...d-data-has-resource/manifold-data-has-resource.tsx	75.00% <42.85%> (-4.49%)	⬇️
.../manifold-resource-list/manifold-resource-list.tsx	79.16% <60.00%> (-0.33%)	⬇️
...ifold-data-sso-button/manifold-data-sso-button.tsx	93.10% <75.00%> (+6.43%)	⬆️
...resource-container/manifold-resource-container.tsx	87.80% <75.00%> (-3.38%)	⬇️
src/global/app.ts	64.00% <79.24%> (ø)
...ents/manifold-active-plan/manifold-active-plan.tsx	65.38% <100.00%> (+8.86%)	⬆️
...onents/manifold-auth-token/manifold-auth-token.tsx	90.00% <100.00%> (-1.67%)	⬇️
... and 84 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c62b31...cc582ad. Read the comment docs.