[Security] Bump esm from 3.0.84 to 3.2.25

[dependabot-preview]

Bumps esm from 3.0.84 to 3.2.25. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service A Regular Expression Denial of Service vulnerability was discovered in esm before 3.1.0. The issue is that esm's find-indexes is using the unescaped identifiers in a regex, which, in this case, causes an infinite loop.

Affected versions: < 3.1.0

Release notes

Sourced from esm's releases.

3.2.25

• Fixed regression parsing computed methods (#807)

3.2.24

• Fixed regression parsing static methods (#804)

3.2.23

• Added support for parsing public and private static class fields (#801)
• Fixed regression in missing export detection for CJS modules (#773)
• Fixed regression parsing computed class fields (#787)
• Fixed REPL support for Node 12 (#792)
• Reverted partial "type" field support of package.json (#784)

3.2.22

• Reverted cache invalidation fix because of overactive file attribute updates (#746)

3.2.21

• Ensured deep parse validation is performed before shallow (#768)
• Ensured direct Module#_compile() calls are based on default options
• Ensured .node files are stored in the real Module._cache in Jest (#765)
• Fixed cache invalidation of re-published modules (#746)
• Fixed dynamic import use in Puppeteer’s page.evaluate() (#762)
• Fixed regression with ts-node/register (#769)
• Fixed regression for packages with invalid "main" fields (#770)
• Updated %s token of util.formatWithOptions()

3.2.20

• Fixed typo in Entry#resumeChildren() (#760)

3.2.19

• Ensured source maps generated when options.sourceMap is false (#756)
• Ensured stack traces of syntax errors are not clipped
• Ensured stack traces don’t use file URLs when options.cjs.paths is true
• Updated util.formatWithOptions() implementation (#757)

3.2.18

• Fixed undefined property access error for Loader.state.package.default (#752)
• Reintroduced an improved Electron v1 fix (#750)

3.2.17

• Fixed regression in Jest context (#747)

3.2.16

• Fixed inline source map detection

3.2.15

• Ensured console and util can access Loader.state.package.default (#740)
• Ensured esm works with requizzle (#744)

... (truncated)

Commits

• bd5da7e Bump to v3.2.25.
• 64df0a8 Update deps.
• ab2230e Fix regression in computed methods. [closes #807]
• e173189 Bump to v3.2.24.
• 51c217b Fix static property parse regression. [closes #804]
• a2b7949 Bump to v3.2.23.
• a50cb19 Update deps.
• 6e5a22d Revert "Temporarily remove node-sleep until it builds on Node 12+."
• dff4f0d Add support for public and private static class fields. [closes #801]
• a0a21ac Align Node error objects with Node 12.2.0.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)