chore(deps): bump the npm_and_yarn group across 1 directories with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 8 updates in the /. directory:

Package	From	To
vite	3.1.8	3.2.8
@babel/traverse	7.15.4	7.23.9
ip	1.1.8	1.1.9
json5	1.0.1	1.0.2
loader-utils	1.4.0	1.4.2
qs	6.5.2	6.5.3
semver	5.7.1	5.7.2
word-wrap	1.2.3	1.2.5

Updates vite from 3.1.8 to 3.2.8

Changelog

Sourced from vite's changelog.

3.2.8 (2024-01-19)

• fix: fs deny for case insensitive (a26c87d)

3.2.7 (2023-05-26)

• fix: port #13348 to v3, fs.deny with leading double slash (#13349) (0574f80), closes #13348 #13349

3.2.6 (2023-04-18)

• fix: escape msg in render restricted error html, backport (#12889) (#12892) (b48ac2a), closes #12889 #12892

3.2.5 (2022-12-05)

• chore: cherry pick more v4 bug fixes to v3 (#11189) (eba9b42), closes #11189 #10949 #11056 #8663 #10958 #11120 #11122 #11123 #11132
• chore: cherry pick v4 bug fix to v3 (#11110) (c93a526), closes #11110 #10941 #10987 #10985 #11067
• fix: relocated logger to respect config. (#10787) (#10967) (bc3b5a9), closes #10787 #10967

3.2.4 (2022-11-15)

• fix: prevent cache on optional package resolve (v3) (#10812) (#10845) (3ba45b9), closes #10812 #10845
• fix(ssr): skip optional peer dep resolve (v3) (#10593) (#10931) (7f59dcf), closes #10593 #10931 #10593

3.2.3 (2022-11-07)

• refactor: change style.innerHTML to style.textContent (#10801) (8ea71b4), closes #10801
• fix: add @types/node as an optional peer dependency (#10757) (57916a4), closes #10757
• fix: transform import.meta.glob when scan JS/TS #10634 (#10635) (c53ffec), closes #10634 #10635
• fix(css): url() with variable in sass/less (fixes #3644, #7651) (#10741) (fa2e47f), closes #3644 #7651 #10741
• feat: add vite:afterUpdate event (#9810) (1f57f84), closes #9810
• perf: improve multilineCommentsRE regex (fix #10689) (#10751) (51ed059), closes #10689 #10751
• perf: Use only one ps exec to find a Chromium browser opened on Mac OS (#10588) (f199e90), closes #10588
• chore: fix dev build replacing undefined (#10740) (1358a3c), closes #10740
• chore: remove non used type definitions (#10738) (ee8c7a6), closes #10738
• chore(deps): update dependency @​rollup/plugin-commonjs to v23 (#10611) (cc4be70), closes #10611
• chore(deps): update dependency @​rollup/plugin-dynamic-import-vars to v2 (#10726) (326f782), closes #10726

3.2.2 (2022-10-31)

... (truncated)

Commits

• 7e3a866 release: v3.2.8
• a26c87d fix: fs deny for case insensitive
• 494f36b release: v3.2.7
• 0574f80 fix: port #13348 to v3, fs.deny with leading double slash (#13349)
• f494760 release: v3.2.6
• b48ac2a fix: escape msg in render restricted error html, backport (#12889) (#12892)
• 77ee19b release: v3.2.5
• eba9b42 chore: cherry pick more v4 bug fixes to v3 (#11189)
• c93a526 chore: cherry pick v4 bug fix to v3 (#11110)
• bc3b5a9 fix: relocated logger to respect config. (#10787) (#10967)
• Additional commits viewable in compare view

Updates @babel/traverse from 7.15.4 to 7.23.9

Release notes

Sourced from @​babel/traverse's releases.

v7.23.9 (2024-01-25)

🐛 Bug Fix

• babel-helper-transform-fixture-test-runner, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-preset-env
  • #16225 fix: systemjs re-traverses helpers (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16226 Improve decorated private method check (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-runtime, babel-preset-env
  • #16224 Properly sort core-js@3 imports (@​nicolo-ribaudo)
• babel-traverse
  • #15383 fix: Don't throw in getTypeAnnotation when using TS+inference (@​liuxingbaoyu)
• Other
  • #16210 [eslint] Fix no-use-before-define for class ref in fields (@​nicolo-ribaudo)

🏠 Internal

• babel-core, babel-parser, babel-template
  • #16222 Migrate eslint-parser to cts (@​liuxingbaoyu)
• babel-types
  • #16213 Remove @babel/types props that are not produced by the parser (@​liuxingbaoyu)

🏃‍♀️ Performance

• babel-parser
  • #16072 perf: Improve parser performance for typescript (@​liuxingbaoyu)

🔬 Output optimization

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-new-target, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-preset-env
  • #16218 Improve temporary variables for decorators (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #15959 Improve output of using (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.23.8 (2024-01-08)

🐛 Bug Fix

• babel-preset-env
  • #16181 fix: preset-env throws exception for export * as x (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators
  • #16201 fix: decorator binds getter/setter to ctx.access for public fields (@​liuxingbaoyu)
  • #16199 fix: Class decorator correctly passes return value (@​liuxingbaoyu)

↩️ Revert

• #16202 Revert "chore: Update artifact tools (#16184)" (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-parameters, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.23.9 (2024-01-25)

🐛 Bug Fix

• babel-helper-transform-fixture-test-runner, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-preset-env
  • #16225 fix: systemjs re-traverses helpers (@​liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16226 Improve decorated private method check (@​JLHwung)
• babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-runtime, babel-preset-env
  • #16224 Properly sort core-js@3 imports (@​nicolo-ribaudo)
• babel-traverse
  • #15383 fix: Don't throw in getTypeAnnotation when using TS+inference (@​liuxingbaoyu)
• Other
  • #16210 [eslint] Fix no-use-before-define for class ref in fields (@​nicolo-ribaudo)

🏠 Internal

• babel-core, babel-parser, babel-template
  • #16222 Migrate eslint-parser to cts (@​liuxingbaoyu)
• babel-types
  • #16213 Remove @babel/types props that are not produced by the parser (@​liuxingbaoyu)

🏃‍♀️ Performance

• babel-parser
  • #16072 perf: Improve parser performance for typescript (@​liuxingbaoyu)

🔬 Output optimization

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-new-target, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-preset-env
  • #16218 Improve temporary variables for decorators (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #15959 Improve output of using (@​liuxingbaoyu)

v7.23.8 (2024-01-08)

🐛 Bug Fix

• babel-preset-env
  • #16181 fix: preset-env throws exception for export * as x (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators
  • #16201 fix: decorator binds getter/setter to ctx.access for public fields (@​liuxingbaoyu)
  • #16199 fix: Class decorator correctly passes return value (@​liuxingbaoyu)

↩️ Revert

• #16202 Revert "chore: Update artifact tools (#16184)" (@​JLHwung)

🔬 Output optimization

• babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-plugin-transform-parameters, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16194 Improve output of super() (@​liuxingbaoyu)

v7.23.7 (2023-12-29)

🐛 Bug Fix

• babel-traverse
  • #16191 fix: Crash when removing without Program (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-decorators

... (truncated)

Commits

• a0dd614 v7.23.9
• 1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
• e428a6d v7.23.7
• d292822 fix: Crash when removing without Program (#16191)
• d02c1f7 v7.23.6
• cce807f Bump debug to ^4.3.1 (#16164)
• 8479012 v7.23.5
• da7dc40 Do not remove bindings when removing assignment expression path (#16131)
• fadc081 fix: Unexpected duplication of comments (#16110)
• 13a5c83 v7.23.4
• Additional commits viewable in compare view

Updates ip from 1.1.8 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates json5 from 1.0.1 to 1.0.2

Release notes

Sourced from json5's releases.

v1.0.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295). This has been backported to v1. (#298)

Changelog

Sourced from json5's changelog.

Unreleased [code, diff]

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

v2.1.3 [code, diff]

• Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

v2.1.2 [code, diff]

... (truncated)

Commits

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add proto to objects and arrays
• See full diff in compare view

Updates loader-utils from 1.4.0 to 1.4.2

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

Commits

• 331ad50 chore(release): 1.4.2
• 17cbf8f fix: ReDoS problem (#226)
• 8f082b3 chore(release): 1.4.1
• 4504e34 fix: security problem (#220)
• See full diff in compare view

Updates qs from 6.5.2 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

Commits

• 298bfa5 v6.5.3
• ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
• 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
• 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
• 12ac1c4 [meta] fix README.md (#399)
• 0338716 [actions] backport actions from main
• 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
• 51b8a0b add FUNDING.yml
• 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
• f814a7f [Dev Deps] backport from main
• Additional commits viewable in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

• 2f8fd41 #585 better handling of whitespace (#585) (@​joaomoreno, @​lukekarrys)

5.7

• Add minVersion method

5.6

• Move boolean loose param to an options object, with backwards-compatibility protection.
• Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

• Add version coercion capabilities

5.4

• Add intersection checking

5.3

• Add minSatisfying method

5.2

• Add prerelease(v) that returns prerelease components

5.1

• Add Backus-Naur for ranges
• Remove excessively cute inspection methods

5.0

• Remove AMD/Browserified build artifacts
• Fix ltr and gtr when using the * range
• Fix for range * with a prerelease identifier

Commits

• f8cc313 chore: release 5.7.2
• 2f8fd41 fix: better handling of whitespace (#585)
• deb5ad5 chore: @​npmcli/template-oss@​4.16.0
• See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: jonschlinkert/word-wrap@1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in jonschlinkert/word-wrap#41
• 🔒 fix: CVE-2023-26115 by @​aashutoshrathi in jonschlinkert/word-wrap#33
• chore: publish workflow by @​OlafConijn in jonschlinkert/word-wrap#42

New Contributors

• @​mohd-akram made their first contribution in jonschlinkert/word-wrap#24
• @​OlafConijn made their first contribution in jonschlinkert/word-wrap#41
• @​aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: jonschlinkert/word-wrap@1.2.3...1.2.4

Commits

• 207044e 1.2.5
• 9894315 revert default indent
• f64b188 run verb to generate README
• 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
• 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
• bfa694e Update .github/workflows/publish.yml
• ace0b3c chore: bump version to 1.2.4
• 6fd7275 chore: add publish workflow
• 30d6daf chore: fix test
• 655929c chore: remove package-lock
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #7.