Bump jszip and opensheetmusicdisplay in /apps-backend

[dependabot]

Bumps jszip to 3.10.1 and updates ancestor dependency opensheetmusicdisplay. These dependencies need to be updated together.

Updates jszip from 3.7.1 to 3.10.1

Changelog

Sourced from jszip's changelog.

v3.10.1 2022-08-02

• Add sponsorship files.
  • If you appreciate the time spent maintaining JSZip then I would really appreciate your sponsorship.
• Consolidate metadata types and expose OnUpdateCallback #851 and #852
• use const instead var in example from README.markdown #828
• Switch manual download link to HTTPS #839

Internals:

• Replace jshint with eslint #842
• Add performance tests #834

v3.10.0 2022-05-20

• Change setimmediate dependency to more efficient one. Fixes Stuk/jszip#617 (see #829)
• Update types of currentFile metadata to include null (see #826)

v3.9.1 2022-04-06

• Fix recursive definition of InputFileFormat introduced in 3.9.0.

v3.9.0 2022-04-04

• Update types JSZip#loadAsync to accept a promise for data, and remove arguments from new JSZip() (see #752)
• Update types for compressionOptions to JSZipFileOptions and JSZipGeneratorOptions (see #722)
• Add types for generateInternalStream (see #774)

v3.8.0 2022-03-30

• Santize filenames when files are loaded with loadAsync, to avoid "zip slip" attacks. The original filename is available on each zip entry as unsafeOriginalName. See the documentation. Many thanks to McCaulay Hudson for reporting.

Commits

• 0f2f1e4 3.10.1
• cae5510 Updates for v3.10.1
• 179c9a0 Update changelog for 3.10.1
• 61e1df5 Add Jekyll files to gitignore
• f299cce Merge pull request #852 from Stuk/metadata-ts
• 852887a Consolidate metadata types and expose OnUpdateCallback
• 5be00df Add sponsorship files
• dabe864 Update package-lock for benchmark
• cc554da Merge pull request #841 from stevennyman/patch-2
• caefbc0 Merge pull request #834 from Stuk/benchmark
• Additional commits viewable in compare view

Updates opensheetmusicdisplay from 1.3.1 to 1.7.3

Release notes

Sourced from opensheetmusicdisplay's releases.

1.7.3

See Changelog

1.7.2

See Changelog

1.7.1

See Changelog

1.7.0

See Changelog

1.6.1

See Changelog

1.6.0

See Changelog

1.5.8

See Changelog

1.5.7

See Changelog

1.5.6

See Changelog

1.5.5

See Changelog

1.5.4

See Changelog

1.5.3

See Changelog

1.5.2

See Changelog

1.5.1

See Changelog

1.5.0

See Changelog (30-60% performance improvement!)

1.4.5

See Changelog

1.4.4

... (truncated)

Changelog

Sourced from opensheetmusicdisplay's changelog.

1.7.3 (2023-01-23)

Bug Fixes

• Build: Fix ES2017/Android API 28 incompatibility by not using Array.flat() from ES2019 (#1299, PR #1301) (cea8bf8)
• Cursor: Fix cursor not appearing on show() if previous() was executed when at the start of the sheet, going beyond the beginning (#1303) (a1bfecf)
• Cursor: Fix cursor.previous() infinite loop after advancing past the end of the sheet (#1302) (601fc64)
• Cursor: Fix next() skipping first position in score after going beyond beginning of score (e.g. cursor.previous() after cursor.reset()) (#1304) (6b31846)
• Pedal: Fix Pedal ending at end of measure instead of before last note ([#1291(https://github-redirect.dependabot.com/Pedal Marks Render Across Full Measure opensheetmusicdisplay/opensheetmusicdisplay#1291), [PR #1305](https://github-redirect.dependabot.com/Fix Pedal end at end of measure instead of before last note (better than previous solution in #1291) opensheetmusicdisplay/opensheetmusicdisplay#1305)) (09dc868)
• Slurs: Fix bad slur placement when SlurPlacementFromXML is used (default), but XML doesn't provide placement values (#1298) (d854976)
• Tuplets: Fix consecutive tuplet label number disabling not respecting note length (#1207, PR #1300) (eb69f32)

Features

• Pedal: Start at beginning of stave (after modifiers) if start note is whole measure rest (and e.g. measures above it have non-rest notes) (#1306, PR #1307) (92eb9b6)

1.7.2 (2023-01-18)

Bug Fixes

• Clefs: Fix Clef at measure end in wrong measure if backup nodes used (#1294, PR #1295) (e.g. Sibelius) (9a6aa3f)
• Build: Fix umlauts in key identifiers error [(#1293)](opensheetmusicdisplay/opensheetmusicdisplay#1293)

1.7.1 (2022-12-30)

Bug Fixes

• Build: Make Array prototype changes writeable to prevent conflicts with other libraries (#980, #1288, PR #1289) (f69d532)
• Lyrics: Fix non-numeric lyric number handling, unnecessary space for unused lyric lines (PR #1284, #1271, #1272) (fac88af)

1.7.0 (2022-12-12)

Bug Fixes

• Fermata: Fix inverted fermata placement/overlap with multiple voices (#1278, PR #1279) (15e4015)
• OctaveShift: Fix rare error when startX greater stopX (#1281, PR #1282) (e8d89a0)
• Overlap: Fix overlap with implicit / pickup measure after repeat with single note pickup (#1286, #1236) (f667f67)
• Overlap: Fix overlap with implicit / pickup measure without repeat with single note pickup (#1286, #1236) (700be56)
• Tempo: Increase TempoYSpacing from 0 to 0.5 (prevents (near-)overlaps, no apparent downside) (#1243) (9e584d0)

... (truncated)

Commits

• 98021af Merge branch 'release/1.7.3'
• 786425a chore: update changelog for 1.7.3
• 5f889fa chore: bump version to 1.7.3-release
• 92eb9b6 feat(Pedal): Start at beginning of stave (after modifiers) if start note is w...
• 09dc868 fix(Pedal): Fix Pedal end at end of measure instead of before last note (bett...
• 8f32983 fix(Pedal): Fix pedal end before last staff entry of the measure not stopping...
• a1bfecf fix(Cursor): Fix cursor not appearing on show() if previous() was executed wh...
• 6b31846 fix(Cursor): fix next() skipping first position in score after going beyond b...
• cea8bf8 fix(Build): Fix ES2017/Android API 28 incompatibility by not using Array.flat...
• 5edc67d test: expand cursor previous() and next() test to expect EndReached values et...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.