HDDS-11172. Bump vite to 4.5.3

[dependabot]

Bumps vite from 4.4.0 to 4.5.3.

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

4.5.2 (2024-01-19)

• fix: fs deny for case insensitive systems (#15653) (eeec23b), closes #15653

4.5.1 (2023-12-04)

• fix: backport #15223, proxy html path should be encoded (#15226) (41bb354), closes #15223 #15226

4.5.0 (2023-10-18)

• feat: backport mdx as known js source (#14560) (#14670) (45595ef), closes #14560 #14670
• feat: scan .marko files (#14669) (ed7bdc5), closes #14669
• feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions (#14498) (#14668) (520139c), closes #14498 #14668

4.4.11 (2023-10-05)

• revert: "fix: use string manipulation instead of regex to inject esbuild helpers (54e1275), closes #14094

4.4.10 (2023-10-03)

• fix: add source map to Web Workers (fix #14216) (#14217) (df6f32f), closes #14216 #14217
• fix: handle errors during hasWorkspacePackageJSON function (#14394) (6f6e5de), closes #14394
• fix: handle sourcemap correctly when multiple line import exists (#14232) (218861f), closes #14232
• fix: if host is specified check whether it is valid (#14013) (b1b816a), closes #14013
• fix: include vite/types/* in exports field (#14296) (40e99a1), closes #14296
• fix: initWasm options should be optional (#14152) (119c074), closes #14152
• fix: restore builtins list (f8b9adb)
• fix: use string manipulation instead of regex to inject esbuild helpers (#14094) (128ad8f), closes #14094
• fix: ws never connects after restarting server if server.hmr.server is set (#14127) (441642e), closes #14127
• fix(analysis): warnings for dynamic imports that use static template literals (#14458) (0c6d289), closes #14458
• fix(cli): convert special base (#14283) (d4bc0fb), closes #14283
• fix(css): remove pure css chunk sourcemap (#14290) (cd7e033), closes #14290
• fix(css): reset render cache on renderStart (#14326) (d334b3d), closes #14326
• fix(glob): trigger HMR for glob in a package (#14117) (0f582bf), closes #14117
• fix(import-analysis): preserve importedUrls import order (#14465) (269aa43), closes #14465
• fix(manifest): preserve pure css chunk assets (#14297) (3d63ae6), closes #14297

... (truncated)

Commits

• aac695e release: v4.5.3
• 96a7f3a fix: fs.deny with globs with directories (#16250)
• d0360c1 release: v4.5.2
• eeec23b fix: fs deny for case insensitive systems (#15653)
• c075115 release: v4.5.1
• 41bb354 fix: backport #15223, proxy html path should be encoded (#15226)
• 055d2b8 release: v4.5.0
• ed7bdc5 feat: scan .marko files (#14669)
• 45595ef feat: backport mdx as known js source (#14560) (#14670)
• 520139c feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[adoroszlai]

@devabhishekpal can you please check?

[INFO] --- frontend-maven-plugin:1.15.0:npx (install frontend dependencies) @ ozone-recon ---
[INFO] npm not inheriting proxy config from Maven
[INFO] Running 'npx [email protected] install --frozen-lockfile' in /home/runner/work/ozone/ozone/hadoop-ozone/recon/src/main/resources/webapps/recon/ozone-recon-web
[INFO]  ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation. The current "settings.autoInstallPeers" configuration doesn't match the value found in the lockfile
[INFO] 
[INFO] Update your lockfile using "pnpm install --no-frozen-lockfile"

[devabhishekpal]

Hi @adoroszlai, I raised HDDS-11169 for this issue.
It could be because the package.json pnpm version is still set as [email protected] and hence the workflow generates a lockfile which is created with pnpm v7, whereas the build is using pnpm v8.

[adoroszlai]

@dependabot rebase