chore(deps): bump ssri from 6.0.2 to 9.0.0

[dependabot]

Bumps ssri from 6.0.2 to 9.0.0.

Release notes

Sourced from ssri's releases.

v9.0.0

9.0.0 (2022-04-05)

⚠ BREAKING CHANGES

• this drops support for node 8, node 10, and non-LTS versions of node 12 and node 14

Dependencies

• @​npmcli/template-oss@​3.2.2 (#31) (a14b37a)

Changelog

Sourced from ssri's changelog.

9.0.0 (2022-04-05)

⚠ BREAKING CHANGES

• this drops support for node 8, node 10, and non-LTS versions of node 12 and node 14

Dependencies

• @​npmcli/template-oss@​3.2.2 (#31) (a14b37a)

8.0.1 (2021-01-27)

Bug Fixes

• simplify regex for strict mode, add tests (76e2233)

8.0.0 (2020-02-18)

⚠ BREAKING CHANGES

• SRI values with ../ in the algorithm name now throw as invalid (which they always probably should have!)
• adds a new error that will be thrown. Empty SRIs are no longer considered valid for checking, only when using integrityStream to calculate the SRI value.

PR-URL: npm/ssri#12 Credit: @​claudiahdz

Features

• remove figgy-pudding (0e78fd7)

Bug Fixes

• harden SRI parsing against ../ funny business (4062735)
• IntegrityStream responds to mutating opts object mid-stream (4a963e5)
• throw null when sri is empty or bad (a6811cb), closes #12

7.1.0 (2019-10-24)

Bug Fixes

• Do not blow up if the opts object is mutated (806e8c8)

... (truncated)

Commits

• e7ee51d chore(main): release 9.0.0 (#32)
• 033c76e chore: bump tap from 15.2.3 to 16.0.1 (#33)
• a14b37a deps: @​npmcli/template-oss@​3.2.2 (#31)
• 9ee00fe chore: add a year to LICENSE to match ISC format (#28)
• 2db3156 fix some typos (#22)
• fb32474 chore: update settings.yml (#26)
• 8fbaff2 chore(package-lock): rebuild package-lock
• ef0e765 chore(tests): update to tap15
• d403b68 chore(package-lock): rebuild package-lock
• 3eec7a3 chore(release): 8.0.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by gar, a new releaser for ssri since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #102.