Bump the npm_and_yarn group across 4 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the /continuum-js/continuum-cli directory: @babel/traverse, braces, ejs and micromatch.
Bumps the npm_and_yarn group with 7 updates in the /continuum-js/continuum-client directory:

Package	From	To
braces	3.0.2	3.0.3
micromatch	4.0.5	4.0.8
elliptic	6.5.4	6.6.0
vite	5.2.8	5.2.14
ws	8.16.0	8.17.1
postcss	8.4.38	8.4.47
rollup	4.13.0	4.24.3

Bumps the npm_and_yarn group with 3 updates in the /continuum-js/continuum-idl-js directory: braces, micromatch and vite.
Bumps the npm_and_yarn group with 2 updates in the /website/continuum-vitepress directory: vite and postcss.

Updates @babel/traverse from 7.22.8 to 7.25.9

Release notes

Sourced from @​babel/traverse's releases.

v7.25.9 (2024-10-22)

Thanks @​victorenator for your first PR!

🐛 Bug Fix

• babel-parser, babel-template, babel-types
  • #16905 fix: Keep type annotations in syntacticPlaceholders mode (@​liuxingbaoyu)
• babel-helper-compilation-targets, babel-preset-env
  • #16907 fix: support BROWSERSLIST{,_CONFIG} env (@​JLHwung)
• Other
  • #16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@​victorenator)

🏠 Internal

• babel-helper-transform-fixture-test-runner
  • #16914 remove test options flaky (@​JLHwung)
• Every package
  • #16917 fix: Accidentally published tsconfig files (@​liuxingbaoyu)

🏃‍♀️ Performance

• babel-parser, babel-types
  • #16918 perf: Make VISITOR_KEYS etc. faster to access (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Viktar Vaŭčkievič (@​victorenator)
• @​liuxingbaoyu

v7.25.8 (2024-10-10)

🐛 Bug Fix

• babel-core
  • #16888 Restore public API of resolvePlugin/resolvePreset (@​nicolo-ribaudo)

🏠 Internal

• babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env
  • #16824 Inline one-line syntax plugins (@​nicolo-ribaudo)

Committers: 3

• Babel Bot (@​babel-bot)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.25.7 (2024-10-02)

Thanks @​DylanPiercey and @​YuHyeonWook for your first PRs!

🐛 Bug Fix

• babel-helper-validator-identifier
  • #16825 fix: update identifier to unicode 16 (@​JLHwung)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.25.9 (2024-10-22)

🐛 Bug Fix

• babel-parser, babel-template, babel-types
  • #16905 fix: Keep type annotations in syntacticPlaceholders mode (@​liuxingbaoyu)
• babel-helper-compilation-targets, babel-preset-env
  • #16907 fix: support BROWSERSLIST{,_CONFIG} env (@​JLHwung)
• Other
  • #16884 Analyze ClassAccessorProperty to prevent the no-undef rule (@​victorenator)

🏠 Internal

• babel-helper-transform-fixture-test-runner
  • #16914 remove test options flaky (@​JLHwung)

🏃‍♀️ Performance

• babel-parser, babel-types
  • #16918 perf: Make VISITOR_KEYS etc. faster to access (@​liuxingbaoyu)

v7.25.8 (2024-10-10)

🐛 Bug Fix

• babel-core
  • #16888 Restore public API of resolvePlugin/resolvePreset (@​nicolo-ribaudo)

🏠 Internal

• babel-parser, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-defer, babel-plugin-proposal-partial-application, babel-plugin-proposal-throw-expressions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-static-block, babel-plugin-transform-dynamic-import, babel-plugin-transform-export-namespace-from, babel-plugin-transform-json-strings, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-private-property-in-object, babel-preset-env
  • #16824 Inline one-line syntax plugins (@​nicolo-ribaudo)

v7.25.7 (2024-10-02)

🐛 Bug Fix

• babel-helper-validator-identifier
  • #16825 fix: update identifier to unicode 16 (@​JLHwung)
• babel-traverse
  • #16814 fix: issue with node path keys updated on unrelated paths (@​DylanPiercey)
• babel-plugin-transform-classes
  • #16797 Use an inclusion rather than exclusion list for super() check (@​nicolo-ribaudo)
• babel-generator
  • #16788 Fix printing of TS infer in compact mode (@​nicolo-ribaudo)
  • #16785 Print TS type annotations for destructuring in assignment pattern (@​nicolo-ribaudo)
  • #16778 Respect [no LineTerminator here] after nodes (@​nicolo-ribaudo)

💅 Polish

• babel-types
  • #16852 Add deprecated JSDOC for fields (@​liuxingbaoyu)

🏠 Internal

• babel-core
  • #16820 Allow sync loading of ESM when --experimental-require-module (@​nicolo-ribaudo)
• babel-helper-compilation-targets, babel-helper-plugin-utils, babel-preset-env
  • #16858 Add browserslist config to external dependency (@​JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-syntax-decimal, babel-plugin-syntax-import-reflection, babel-standalone

... (truncated)

Commits

• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
• 506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
• 9e14f7d chore: Enable more lint rules (#16827)
• e69a7e5 fix: issue with node path keys updated on unrelated paths (#16814)
• 7467c9d [Babel 8] Remove some Scope methods (#16705)
• 0a55713 [Babel 8] Remove DecimalLiteral AST (#16807)
• 69d65f1 [babel 8] Require Node.js ^18.20.0 || ^20.17.0 || >=22.8.0 (#16800)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates elliptic from 6.5.4 to 6.6.0

Commits

• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• See full diff in compare view

Updates vite from 5.2.8 to 5.2.14

Release notes

Sourced from vite's releases.

v5.2.14

Please refer to CHANGELOG.md for details.

v5.2.13

Please refer to CHANGELOG.md for details.

v5.2.12

Please refer to CHANGELOG.md for details.

v5.2.11

Please refer to CHANGELOG.md for details.

v5.2.10

Please refer to CHANGELOG.md for details.

v5.2.9

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.2.14 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (ebb94c5), closes #18115
• fix: fs raw query (#18112) (8339d74), closes #18112

5.2.13 (2024-06-07)

• fix: backport to 5.2 (#17411) (e6913d1), closes #17411

5.2.12 (2024-05-28)

• chore: move to eslint flat config (#16743) (8f16765), closes #16743
• chore(deps): remove unused deps (#17329) (5a45745), closes #17329
• chore(deps): update all non-major dependencies (#16722) (b45922a), closes #16722
• fix: mention build.rollupOptions.output.manualChunks instead of build.rollupOutput.manualChunks (89378c0), closes #16721
• fix(build): make SystemJSWrapRE match lazy (#16633) (6583ad2), closes #16633
• fix(css): avoid generating empty JS files when JS files becomes empty but has CSS files imported (#1 (95fe5a7), closes #16078
• fix(css): handle lightningcss compiled css in Deno (#17301) (8e4e932), closes #17301
• fix(css): only use files the current bundle contains (#16684) (15a6ebb), closes #16684
• fix(css): page reload was not happening with .css?raw (#16455) (8041846), closes #16455
• fix(deps): update all non-major dependencies (#16603) (6711553), closes #16603
• fix(deps): update all non-major dependencies (#16660) (bf2f014), closes #16660
• fix(deps): update all non-major dependencies (#17321) (4a89766), closes #17321
• fix(error-logging): rollup errors weren't displaying id and codeframe (#16540) (22dc196), closes #16540
• fix(hmr): normalize the path info (#14255) (6a085d0), closes #14255
• fix(hmr): trigger page reload when calling invalidate on root module (#16636) (2b61cc3), closes #16636
• fix(logger): truncate log over 5000 characters long (#16581) (b0b839a), closes #16581
• fix(optimizer): log dependencies added by plugins (#16729) (f0fb987), closes #16729
• fix(sourcemap): improve sourcemap compatibility for vue2 (#16594) (913c040), closes #16594
• docs: correct proxy shorthand example (#15938) (abf766e), closes #15938
• docs: deprecate server.hot (#16741) (e7d38ab), closes #16741

5.2.11 (2024-05-02)

• feat: improve dynamic import variable failure error message (#16519) (f8feeea), closes #16519
• fix: dynamic-import-vars plugin normalize path issue (#16518) (f71ba5b), closes #16518
• fix: scripts and styles were missing from built HTML on Windows (#16421) (0e93f58), closes #16421
• fix(deps): update all non-major dependencies (#16488) (2d50be2), closes #16488
• fix(deps): update all non-major dependencies (#16549) (2d6a13b), closes #16549
• fix(dev): watch publicDir explicitly to include it outside the root (#16502) (4d83eb5), closes #16502
• fix(preload): skip preload for non-static urls (#16556) (bb79c9b), closes #16556
• fix(ssr): handle class declaration and expression name scoping (#16569) (c071eb3), closes #16569
• fix(ssr): handle function expression name scoping (#16563) (02db947), closes #16563

... (truncated)

Commits

• 673ae16 release: v5.2.14
• ebb94c5 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 8339d74 fix: fs raw query (#18112)
• 51bf7ea release: v5.2.13
• e6913d1 fix: backport to 5.2 (#17411)
• bed3faa release: v5.2.12
• 5a45745 chore(deps): remove unused deps (#17329)
• 15a6ebb fix(css): only use files the current bundle contains (#16684)
• f0fb987 fix(optimizer): log dependencies added by plugins (#16729)
• 8f16765 chore: move to eslint flat config (#16743)
• Additional commits viewable in compare view

Updates ws from 8.16.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates postcss from 8.4.38 to 8.4.47

Release notes

Sourced from postcss's releases.

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

Changelog

Sourced from postcss's changelog.

8.4.47

• Removed debug code.

8.4.46

• Fixed Cannot read properties of undefined (reading 'before').

8.4.45

• Removed unnecessary fix which could lead to infinite loop.

8.4.44

• Another way to fix markClean is not a function error.

8.4.43

• Fixed markClean is not a function error.

8.4.42

• Fixed CSS syntax error on long minified files (by @​varpstar).

8.4.41

• Fixed types (by @​nex3 and @​querkmachine).
• Cleaned up RegExps (by @​bluwy).

8.4.40

• Moved to getter/setter in nodes types to help Sass team (by @​nex3).

8.4.39

• Fixed CssSyntaxError types (by @​romainmenke).

Commits

• 5e6fd13 Release 8.4.47 version
• 714bc10 Typo
• 439d20e Release 8.4.46 version
• b93582f Update dependencies
• c51e467 Fix error on inserting node without raws in some cases
• 829ae47 Update dependencies
• 5aaaec2 Update remaining workflow jobs to use latest version of actions (#1968)
• 448c4f3 Release 8.4.45 version
• 1c77d2e Update unnecessary check
• f38b329 Try to fix CI
• Additional commits viewable in compare view

Updates rollup from 4.13.0 to 4.24.3

Release notes

Sourced from rollup's releases.

v4.24.3

4.24.3

2024-10-29

Bug Fixes

• Slightly reduce memory consumption by specifying fixed array sizes where possible (#5703)

Pull Requests

• #5703: perf: use pre-allocated arrays for known result sizes (@​GalacticHypernova)

v4.24.2

4.24.2

2024-10-27

Bug Fixes

• Add missing build dependency (#5705)

Pull Requests

• #5705: Fix "Couldn't find package" error when installing rollup using yarn (@​tagattie)

v4.24.1

4.24.1

2024-10-27

Bug Fixes

• Support running Rollup natively on FreeBSD (#5698)

Pull Requests

• #5689: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5690: chore(deps): update dependency @​inquirer/prompts to v7 (@​renovate[bot])
• #5691: chore(deps): update dependency eslint-plugin-unicorn to v56 (@​renovate[bot])
• #5692: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5695: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5696: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5698: Add support for FreeBSD (x64 and arm64) (@​tagattie, @​lukastaegert)

v4.24.0

4.24.0

2024-10-02

... (truncated)

Changelog

Sourced from rollup's changelog.

4.24.3

2024-10-29

Bug Fixes

• Slightly reduce memory consumption by specifying fixed array sizes where possible (#5703)

Pull Requests

• #5703: perf: use pre-allocated arrays for known result sizes (@​GalacticHypernova)

4.24.2

2024-10-27

Bug Fixes

• Add missing build dependency (#5705)

Pull Requests

• #5705: Fix "Couldn't find package" error when installing rollup using yarn (@​tagattie)

4.24.1

2024-10-27

Bug Fixes

• Support running Rollup natively on FreeBSD (#5698)

Pull Requests

• #5689: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5690: chore(deps): update dependency @​inquirer/prompts to v7 (@​renovate[bot])
• #5691: chore(deps): update dependency eslint-plugin-unicorn to v56 (@​renovate[bot])
• #5692: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #5695: fix(deps): update swc monorepo (major) (@​renovate[bot])
• #5696: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #5698: Add support for FreeBSD (x64 and arm64) (@​tagattie, @​lukastaegert)

4.24.0

2024-10-02

Features

• Support preserving and transpiling JSX syntax (#5668)

... (truncated)

Commits

• 69353a8 4.24.3
• 4c5cc76 perf: use pre-allocated arrays for known result sizes (#5703)
• 8cc07f9 Refine performance report
• 32d0e7d 4.24.2
• 85226fd Fix "Couldn't find package" error when installing rollup using yarn (#5705)
• 88a54d8 4.24.1
• b9ff676 Add support for FreeBSD (x64 and arm64) (#5698)
• 9048a4f chore(deps): lock file maintenance minor/patch updates (#5696)
• 028e47c fix(deps): update swc monorepo (major) (#5695)
• 9ac8891 chore(deps): lock file maintenance minor/patch updates (#5692)
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation