Bump json5 and jsreport in /jsreport

[dependabot]

Removes json5. It's no longer used after updating ancestor dependency jsreport. These dependencies need to be updated together.

Removes json5

Updates jsreport from 2.6.0 to 3.9.0

Release notes

Sourced from jsreport's releases.

3.9.0

highlights of updates

general updates

• all extensions dependencies were updated to ensure that we don't use vulnerable packages, so npm audit now reports 0 vulnerabilities in most cases
• we now provide docker images for ARM architectures, so jsreport docker images now will work fine in machines with Apple M1 based hardware. see this docs for details
• start to differentiate between template not found errors and permissions errors for better understanding
• reports cleanup logic was improved with limits to avoid memory issues
• office recipes (docx, xlsx, pptx) now default to accept buffer strings as base64 and throw better error when failed to parse office template input
• user level logs (done in script of web pages like chrome) are now logged with level debug
• xlsx: xlsxAddImage now support alt text and xlsxChart can be used along with dynamic table
• docx: docxStyle, docxImage, docxChart, docxHtml now can be used safely in document header/footer
• docx: add initial implementation of docxChild helper to allow merging text of another docx
• pptx: improvements to pptxImage (new options: (usePlaceholderSize, width, height)
• pptx: improvements to pptxTable (new support of vertical tables)
• pdf-utils: added support for specifying custom properties for PDF metadata

core

• add more store methods collection.findAdmin, collection.findOneAdmin, reporter.adminRequest to easily allow execution of store queries without taking into account permissions
• improve logging for child requests and user level logs
• differentiate between template not found errors and permissions related errors (it is now more clean what is the cause of specific error)
• normalize to error when non-errors are throw (like throw "string")
• improve errors in helpers (it now includes the helper name)
• improve error message when template was not found in child request
• improve error handling in sandbox

studio

• improve ⇧ + ↑, ⇧ + ↓ entity tree multi selection in studio
• add studio range select with ⇧ + click to start and end

child-templates

• improve logging and errors

express

• wait for jsreport initialization globally in middleware (this means that http routes will wait until jsreport is initialized before going to the route logic)

assets

• errors from asset logic should be weak
• validate that passed asset path is string

scripts

• ignore scripts attached to template which contain scope that is not compatible to run at the template level

... (truncated)

Commits

• e59ed67 release jsreport 3.9.0
• b4c34b0 release @​jsreport/jsreport-electron-pdf, @​jsreport/jsreport-oracle-store, @​js...
• ebfec34 release extensions 3.9.0
• 11e14c3 update changed:inspect script
• bc0c90a update publish script
• 1042375 prevent reports clean to run again if the clean logic takes longer than the i...
• 3b0d51c clean all old reports using cleanParallelLimit
• 4ec022c fix support for pptxTable and also support for vertical tables
• 1cb9751 pptxImage support for same options than docxImage (usePlaceholderSize, width,...
• d576d34 do the reports cleanup with limit
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.