chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

dependabot · 2024-08-30T17:16:13Z

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package	From	To
svelte	`3.55.1`	`4.2.19`
vite	`4.1.1`	`4.5.3`
braces	`3.0.2`	`3.0.3`
undici	`5.22.1`	`5.28.4`
@sveltejs/kit	`1.20.1`	`1.30.4`

Updates svelte from 3.55.1 to 4.2.19

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

fix: ensure typings for <svelte:options> are picked up (#12902)

fix: escape < in attribute strings (#12989)

[email protected]

Patch Changes

chore: speed up regex (#11922)

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

fix: ensure typings for <svelte:options> are picked up (#12902)

fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

chore: speed up regex (#11922)

4.2.17

Patch Changes

fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

fix: check if svelte component exists on custom element destroy (#11489)

4.2.15

Patch Changes

support attribute selector inside :global() (#11135)

4.2.14

Patch Changes

fix parsing camelcase container query name (#11131)

4.2.13

Patch Changes

fix: applying :global for +,~ sibling combinator when slots are present (#9282)

4.2.12

Patch Changes

fix: properly update svelte:component props when there are spread props (#10604)

... (truncated)

Commits

d8b3133 Version Packages (#12990)
83e96e0 fix: escape < in attribute strings (#12989)
5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
230916f Version Packages (#11925)
dbe6057 chore: speed up regex (#11922)
a8deae9 Version Packages (#11594)
8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
8e4c778 Version Packages (#11491)
1bab571 fix: additional check for component on destroy (svelte4) (#11489)
9f2341f Version Packages (#11202)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by svelte-admin, a new releaser for svelte since your current version.

Updates vite from 4.1.1 to 4.5.3

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

4.5.2 (2024-01-19)

fix: fs deny for case insensitive systems (#15653) (eeec23b), closes #15653

4.5.1 (2023-12-04)

fix: backport #15223, proxy html path should be encoded (#15226) (41bb354), closes #15223 #15226

4.5.0 (2023-10-18)

feat: backport mdx as known js source (#14560) (#14670) (45595ef), closes #14560 #14670

feat: scan .marko files (#14669) (ed7bdc5), closes #14669

feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions (#14498) (#14668) (520139c), closes #14498 #14668

4.4.11 (2023-10-05)

revert: "fix: use string manipulation instead of regex to inject esbuild helpers (54e1275), closes #14094

4.4.10 (2023-10-03)

fix: add source map to Web Workers (fix #14216) (#14217) (df6f32f), closes #14216 #14217

fix: handle errors during hasWorkspacePackageJSON function (#14394) (6f6e5de), closes #14394

fix: handle sourcemap correctly when multiple line import exists (#14232) (218861f), closes #14232

fix: if host is specified check whether it is valid (#14013) (b1b816a), closes #14013

fix: include vite/types/* in exports field (#14296) (40e99a1), closes #14296

fix: initWasm options should be optional (#14152) (119c074), closes #14152

fix: restore builtins list (f8b9adb)

fix: use string manipulation instead of regex to inject esbuild helpers (#14094) (128ad8f), closes #14094

fix: ws never connects after restarting server if server.hmr.server is set (#14127) (441642e), closes #14127

fix(analysis): warnings for dynamic imports that use static template literals (#14458) (0c6d289), closes #14458

fix(cli): convert special base (#14283) (d4bc0fb), closes #14283

fix(css): remove pure css chunk sourcemap (#14290) (cd7e033), closes #14290

fix(css): reset render cache on renderStart (#14326) (d334b3d), closes #14326

fix(glob): trigger HMR for glob in a package (#14117) (0f582bf), closes #14117

fix(import-analysis): preserve importedUrls import order (#14465) (269aa43), closes #14465

fix(manifest): preserve pure css chunk assets (#14297) (3d63ae6), closes #14297

... (truncated)

Commits

aac695e release: v4.5.3
96a7f3a fix: fs.deny with globs with directories (#16250)
d0360c1 release: v4.5.2
eeec23b fix: fs deny for case insensitive systems (#15653)
c075115 release: v4.5.1
41bb354 fix: backport #15223, proxy html path should be encoded (#15226)
055d2b8 release: v4.5.0
ed7bdc5 feat: scan .marko files (#14669)
45595ef feat: backport mdx as known js source (#14560) (#14670)
520139c feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions...
Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates postcss from 8.4.21 to 8.4.41

Release notes

Sourced from postcss's releases.

8.4.41

Fixed types (by @nex3 and @querkmachine).

Cleaned up RegExps (by @bluwy).

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.41

Fixed types (by @nex3 and @querkmachine).

Cleaned up RegExps (by @bluwy).

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

... (truncated)

Commits

57e0211 Release 8.4.41 version
f27134f Update dependencies
146d31c Merge pull request #1952 from nex3/rule-props
3707c3b Merge remote-tracking branch 'origin/main' into rule-props
9ab3619 Declare Input.toJSON()
be59ad4 Remove dead website
165154b Update dependencies
6127a44 Declaration#variable do not have setter
536726d Fix type
58fa0ef Sort keys
Additional commits viewable in compare view

Updates undici from 5.22.1 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

New Contributors

@bugb made their first contribution in nodejs/undici#2470

@gebsh made their first contribution in nodejs/undici#2455

@ToshB made their first contribution in nodejs/undici#2477

@MzUgM made their first contribution in nodejs/undici#2478

@matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

perf: Improve normalizeMethod by @tsctx in nodejs/undici#2456

fix: dispatch error handling by @ronag in nodejs/undici#2459

... (truncated)

Commits

fb98306 Bumped v5.28.4
2b39440 Merge pull request from GHSA-9qxr-qj54-h672
64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
0e9d54b skip failing test due to Node.js changes
e71cb4c Bumped v5.28.3
20c65b8 Fix tests for Node.js v20.11.0 (#2618)
8ec52cd Fix tests for Node.js v21 (#2609)
d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
9a14e5f Bumped v5.28.2
Additional commits viewable in compare view

Updates @sveltejs/kit from 1.20.1 to 1.30.4

Changelog

Sourced from @sveltejs/kit's changelog.

1.30.4

Patch Changes

chore(deps): upgrade and unpin undici (#11860)

1.30.3

Patch Changes

fix: correct documentation for beforeNavigate (#11300)

1.30.2

Patch Changes

fix: revert recent 'correctly return 415' and 'correctly return 404' changes (#11295)

1.30.1

Patch Changes

fix: prerendered root page with paths.base config uses correct trailing slash option (#10763)

fix: correctly return 404 when a form action is not found (#11278)

1.30.0

Minor Changes

feat: inline response.arrayBuffer() during ssr (#10535)

Patch Changes

fix: allow "false" value for preload link options (#10555)

fix: call worker unref instead of terminate (#10120)

fix: correctly analyse exported server API methods during build (#11019)

fix: avoid error when back navigating before page is initialized (#10636)

fix: allow service-worker.js to import assets (#9285)

fix: distinguish better between not-found and internal-error (#11131)

1.29.1

Patch Changes

... (truncated)

Commits

a6c8f21 Version Packages (#11862)
9b8e731 chore(deps): upgrade and unpin undici (#11860)
a3c4ddb chore: upgrade to prettier 3.1.1 (#11304)
9ae5943 Version Packages (#11302)
f82df6c fix: correct documentation for beforeNavigate (#11300)
99e4bfb Version Packages (#11296)
86a1357 fix: revert recent error changes (#11295)
b2b1951 Version Packages (#11288)
5b81a21 fix: action not found should return 404 (#11278)
5b1d1ab fix: prevent incorrect trailing slash redirect for prerendered root page when...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates Bumps the npm_and_yarn group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `3.55.1` | `4.2.19` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `4.1.1` | `4.5.3` | | [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` | | [undici](https://github.com/nodejs/undici) | `5.22.1` | `5.28.4` | | [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `1.20.1` | `1.30.4` | Updates `svelte` from 3.55.1 to 4.2.19 - [Release notes](https://github.com/sveltejs/svelte/releases) - [Changelog](https://github.com/sveltejs/svelte/blob/[email protected]/packages/svelte/CHANGELOG.md) - [Commits](https://github.com/sveltejs/svelte/commits/[email protected]/packages/svelte) Updates `vite` from 4.1.1 to 4.5.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.3/packages/vite) Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) Updates `postcss` from 8.4.21 to 8.4.41 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.21...8.4.41) Updates `undici` from 5.22.1 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.22.1...v5.28.4) Updates `@sveltejs/kit` from 1.20.1 to 1.30.4 - [Release notes](https://github.com/sveltejs/kit/releases) - [Changelog](https://github.com/sveltejs/kit/blob/@sveltejs/[email protected]/packages/kit/CHANGELOG.md) - [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/[email protected]/packages/kit) --- updated-dependencies: - dependency-name: svelte dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: postcss dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: "@sveltejs/kit" dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Aug 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

dependabot bot commented on behalf of github Aug 30, 2024

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

Are you sure you want to change the base?

chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates #1

Conversation

dependabot bot commented on behalf of github Aug 30, 2024

[email protected]

Patch Changes

[email protected]

Patch Changes

4.2.19

Patch Changes

4.2.18

Patch Changes

4.2.17

Patch Changes

4.2.16

Patch Changes

4.2.15

Patch Changes

4.2.14

Patch Changes

4.2.13

Patch Changes

4.2.12

Patch Changes

4.5.3 (2024-03-24)

4.5.2 (2024-01-19)

4.5.1 (2023-12-04)

4.5.0 (2023-10-18)

4.4.11 (2023-10-05)

4.4.10 (2023-10-03)

8.4.41

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.41

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

v5.28.4

⚠️ Security Release ⚠️

v5.28.3

⚠️ Security Release ⚠️

v5.28.2

What's Changed

New Contributors

v5.28.1

What's Changed

1.30.4

Patch Changes

1.30.3

Patch Changes

1.30.2

Patch Changes

1.30.1

Patch Changes

1.30.0

Minor Changes