Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the /apps/web directory: svelte, vite, micromatch and rollup.

Updates svelte from 4.2.15 to 4.2.19

Release notes

Sourced from svelte's releases.

[email protected]

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

Changelog

Sourced from svelte's changelog.

4.2.19

Patch Changes

• fix: ensure typings for <svelte:options> are picked up (#12902)

• fix: escape < in attribute strings (#12989)

4.2.18

Patch Changes

• chore: speed up regex (#11922)

4.2.17

Patch Changes

• fix: correctly handle falsy values of style directives in SSR mode (#11584)

4.2.16

Patch Changes

• fix: check if svelte component exists on custom element destroy (#11489)

Commits

• d8b3133 Version Packages (#12990)
• 83e96e0 fix: escape < in attribute strings (#12989)
• 5ec4409 fix: ensure typings for \<svelte:options> are picked up (#12902)
• 230916f Version Packages (#11925)
• dbe6057 chore: speed up regex (#11922)
• a8deae9 Version Packages (#11594)
• 8592914 fix: correctly handle falsy values of style directives in SSR mode (#11584)
• 8e4c778 Version Packages (#11491)
• 1bab571 fix: additional check for component on destroy (svelte4) (#11489)
• See full diff in compare view

Updates vite from 5.2.10 to 5.2.14

Release notes

Sourced from vite's releases.

v5.2.14

Please refer to CHANGELOG.md for details.

v5.2.13

Please refer to CHANGELOG.md for details.

v5.2.12

Please refer to CHANGELOG.md for details.

v5.2.11

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.2.14 (2024-09-16)

• fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (ebb94c5), closes #18115
• fix: fs raw query (#18112) (8339d74), closes #18112

5.2.13 (2024-06-07)

• fix: backport to 5.2 (#17411) (e6913d1), closes #17411

5.2.12 (2024-05-28)

• chore: move to eslint flat config (#16743) (8f16765), closes #16743
• chore(deps): remove unused deps (#17329) (5a45745), closes #17329
• chore(deps): update all non-major dependencies (#16722) (b45922a), closes #16722
• fix: mention build.rollupOptions.output.manualChunks instead of build.rollupOutput.manualChunks (89378c0), closes #16721
• fix(build): make SystemJSWrapRE match lazy (#16633) (6583ad2), closes #16633
• fix(css): avoid generating empty JS files when JS files becomes empty but has CSS files imported (#1 (95fe5a7), closes #16078
• fix(css): handle lightningcss compiled css in Deno (#17301) (8e4e932), closes #17301
• fix(css): only use files the current bundle contains (#16684) (15a6ebb), closes #16684
• fix(css): page reload was not happening with .css?raw (#16455) (8041846), closes #16455
• fix(deps): update all non-major dependencies (#16603) (6711553), closes #16603
• fix(deps): update all non-major dependencies (#16660) (bf2f014), closes #16660
• fix(deps): update all non-major dependencies (#17321) (4a89766), closes #17321
• fix(error-logging): rollup errors weren't displaying id and codeframe (#16540) (22dc196), closes #16540
• fix(hmr): normalize the path info (#14255) (6a085d0), closes #14255
• fix(hmr): trigger page reload when calling invalidate on root module (#16636) (2b61cc3), closes #16636
• fix(logger): truncate log over 5000 characters long (#16581) (b0b839a), closes #16581
• fix(optimizer): log dependencies added by plugins (#16729) (f0fb987), closes #16729
• fix(sourcemap): improve sourcemap compatibility for vue2 (#16594) (913c040), closes #16594
• docs: correct proxy shorthand example (#15938) (abf766e), closes #15938
• docs: deprecate server.hot (#16741) (e7d38ab), closes #16741

5.2.11 (2024-05-02)

• feat: improve dynamic import variable failure error message (#16519) (f8feeea), closes #16519
• fix: dynamic-import-vars plugin normalize path issue (#16518) (f71ba5b), closes #16518
• fix: scripts and styles were missing from built HTML on Windows (#16421) (0e93f58), closes #16421
• fix(deps): update all non-major dependencies (#16488) (2d50be2), closes #16488
• fix(deps): update all non-major dependencies (#16549) (2d6a13b), closes #16549
• fix(dev): watch publicDir explicitly to include it outside the root (#16502) (4d83eb5), closes #16502
• fix(preload): skip preload for non-static urls (#16556) (bb79c9b), closes #16556
• fix(ssr): handle class declaration and expression name scoping (#16569) (c071eb3), closes #16569
• fix(ssr): handle function expression name scoping (#16563) (02db947), closes #16563

Commits

• 673ae16 release: v5.2.14
• ebb94c5 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
• 8339d74 fix: fs raw query (#18112)
• 51bf7ea release: v5.2.13
• e6913d1 fix: backport to 5.2 (#17411)
• bed3faa release: v5.2.12
• 5a45745 chore(deps): remove unused deps (#17329)
• 15a6ebb fix(css): only use files the current bundle contains (#16684)
• f0fb987 fix(optimizer): log dependencies added by plugins (#16729)
• 8f16765 chore: move to eslint flat config (#16743)
• Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

• backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

• this is basically v4.0.5, with some README updates
• it is vulnerable to CVE-2024-4067
• Updated braces to v3.0.3 to avoid CVE-2024-4068
• does NOT break API compatibility

[4.0.6] - 2024-05-21

• Added hasBraces to check if a pattern contains braces.
• Fixes CVE-2024-4067
• BREAKS API COMPATIBILITY
• Should be labeled as a major release, but it's not.

Commits

• 8bd704e 4.0.8
• a0e6841 run verb to generate README documentation
• 4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
• 03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
• 814f5f7 lint
• 67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
• 113f2e3 fix: CVE numbers in CHANGELOG
• d9dbd9a feat: updated CHANGELOG
• 2ab1315 fix: use actions/setup-node@v4
• 1406ea3 feat: rework test to work on macos with node 10,12 and 14
• Additional commits viewable in compare view

Updates rollup from 4.17.0 to 4.24.0

Release notes

Sourced from rollup's releases.

v4.24.0

4.24.0

2024-10-02

Features

• Support preserving and transpiling JSX syntax (#5668)

Pull Requests

• #5668: Introduce JSX support (@​lukastaegert, @​Martin-Idel, @​felixhuttmann, @​AlexDroll, @​tiptr)

v4.23.0

4.23.0

2024-10-01

Features

• Collect all emitted names and originalFileNames for assets (#5686)

Pull Requests

• #5686: Add names and originalFileNames to assets (@​lukastaegert)

v4.22.5

4.22.5

2024-09-27

Bug Fixes

• Allow parsing of certain unicode characters again (#5674)

Pull Requests

• #5674: Fix panic with unicode characters (@​sapphi-red, @​lukastaegert)
• #5675: chore(deps): update dependency rollup to v4.22.4 [security] (@​renovate[bot])
• #5680: chore(deps): update dependency @​rollup/plugin-commonjs to v28 (@​renovate[bot], @​lukastaegert)
• #5681: chore(deps): update dependency @​rollup/plugin-replace to v6 (@​renovate[bot])
• #5682: chore(deps): update dependency @​rollup/plugin-typescript to v12 (@​renovate[bot])
• #5684: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

v4.22.4

4.22.4

2024-09-21

Bug Fixes

... (truncated)

Changelog

Sourced from rollup's changelog.

4.24.0

2024-10-02

Features

• Support preserving and transpiling JSX syntax (#5668)

Pull Requests

• #5668: Introduce JSX support (@​lukastaegert, @​Martin-Idel, @​felixhuttmann, @​AlexDroll, @​tiptr)

4.23.0

2024-10-01

Features

• Collect all emitted names and originalFileNames for assets (#5686)

Pull Requests

• #5686: Add names and originalFileNames to assets (@​lukastaegert)

4.22.5

2024-09-27

Bug Fixes

• Allow parsing of certain unicode characters again (#5674)

Pull Requests

• #5674: Fix panic with unicode characters (@​sapphi-red, @​lukastaegert)
• #5675: chore(deps): update dependency rollup to v4.22.4 [security] (@​renovate[bot])
• #5680: chore(deps): update dependency @​rollup/plugin-commonjs to v28 (@​renovate[bot], @​lukastaegert)
• #5681: chore(deps): update dependency @​rollup/plugin-replace to v6 (@​renovate[bot])
• #5682: chore(deps): update dependency @​rollup/plugin-typescript to v12 (@​renovate[bot])
• #5684: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])

4.22.4

2024-09-21

Bug Fixes

• Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

Pull Requests

... (truncated)

Commits

• d3c000f 4.24.0
• ca186ee Introduce JSX support (#5668)
• ed98e08 4.23.0
• d0eee9c Add names and originalFileNames to assets (#5686)
• bc7780c 4.22.5
• ee138d1 chore(deps): lock file maintenance minor/patch updates (#5684)
• 2d59dbc chore(deps): update dependency @​rollup/plugin-commonjs to v28 (#5680)
• 524670d Fix panic with unicode characters (#5674)
• 9c5e345 chore(deps): update dependency @​rollup/plugin-replace to v6 (#5681)
• 6d75b6d chore(deps): update dependency @​rollup/plugin-typescript to v12 (#5682)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
aitino	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 22, 2024 6:22pm

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud