Bump the npm_and_yarn group with 5 updates

Bumps the npm_and_yarn group with 5 updates:

Package	From	To
braces	`3.0.2`	`3.0.3`
ejs	`3.1.9`	`3.1.10`
micromatch	`4.0.5`	`4.0.8`
rollup	`2.79.1`	`2.79.2`
webpack	`5.89.0`	`5.95.0`

Updates braces from 3.0.2 to 3.0.3

Commits

74b2db2 3.0.3
88f1429 update eslint. lint, fix unit tests.
415d660 Snyk js braces 6838727 (#40)
190510f fix tests, skip 1 test in test/braces.expand
716eb9f readme bump
a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
98414f9 remove funding file
665ab5d update keepEscaping doc (#27)
Additional commits viewable in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

d3f807d Version 3.1.10
9ee26dd Mocha TDD
e469741 Basic pollution protection
715e950 Merge pull request #756 from Jeffrey-mu/main
cabe314 Include advanced usage examples
29b076c Added header
11503c7 Merge branch 'main' of github.com:mde/ejs into main
7690404 Added security banner to README
f47d7ae Update SECURITY.md
828cea1 Update SECURITY.md
Additional commits viewable in compare view

Updates micromatch from 4.0.5 to 4.0.8

Release notes

Sourced from micromatch's releases.

4.0.8

Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.

Changelog

Sourced from micromatch's changelog.

[4.0.8] - 2024-08-22

backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch

[4.0.7] - 2024-05-22

this is basically v4.0.5, with some README updates

it is vulnerable to CVE-2024-4067

Updated braces to v3.0.3 to avoid CVE-2024-4068

does NOT break API compatibility

[4.0.6] - 2024-05-21

Added hasBraces to check if a pattern contains braces.

Fixes CVE-2024-4067

BREAKS API COMPATIBILITY

Should be labeled as a major release, but it's not.

Commits

8bd704e 4.0.8
a0e6841 run verb to generate README documentation
4ec2884 Merge branch 'v4' into hauserkristof-feature/v4.0.8
03aa805 Merge pull request #266 from hauserkristof/feature/v4.0.8
814f5f7 lint
67fcce6 fix: CHANGELOG about braces & CVE-2024-4068, v4.0.5
113f2e3 fix: CVE numbers in CHANGELOG
d9dbd9a feat: updated CHANGELOG
2ab1315 fix: use actions/setup-node@v4
1406ea3 feat: rework test to work on macos with node 10,12 and 14
Additional commits viewable in compare view

Updates rollup from 2.79.1 to 2.79.2

Changelog

Sourced from rollup's changelog.

rollup changelog

4.24.0

2024-10-02

Features

Support preserving and transpiling JSX syntax (#5668)

Pull Requests

#5668: Introduce JSX support (@lukastaegert, @Martin-Idel, @felixhuttmann, @AlexDroll, @tiptr)

4.23.0

2024-10-01

Features

Collect all emitted names and originalFileNames for assets (#5686)

Pull Requests

#5686: Add names and originalFileNames to assets (@lukastaegert)

4.22.5

2024-09-27

Bug Fixes

Allow parsing of certain unicode characters again (#5674)

Pull Requests

#5674: Fix panic with unicode characters (@sapphi-red, @lukastaegert)

#5675: chore(deps): update dependency rollup to v4.22.4 [security] (@renovate[bot])

#5680: chore(deps): update dependency @rollup/plugin-commonjs to v28 (@renovate[bot], @lukastaegert)

#5681: chore(deps): update dependency @rollup/plugin-replace to v6 (@renovate[bot])

#5682: chore(deps): update dependency @rollup/plugin-typescript to v12 (@renovate[bot])

#5684: chore(deps): lock file maintenance minor/patch updates (@renovate[bot])

4.22.4

2024-09-21

Bug Fixes

Fix a vulnerability in generated code that affects IIFE, UMD and CJS bundles when run in a browser context (#5671)

... (truncated)

Commits

c9bd03d 2.79.2
48aef33 fix: resolve DOM Clobbering CVE-2024-43788 (backport to v2) (#5677)
See full diff in compare view

Updates webpack from 5.89.0 to 5.95.0

Release notes

Sourced from webpack's releases.

v5.95.0

Bug Fixes

Fixed hanging when attempting to read a symlink-like file that it can't read

Handle default for import context element dependency

Merge duplicate chunks call after split chunks

Generate correctly code for dynamically importing the same file twice and destructuring

Use content hash as [base] and [name] for extracted DataURI's

Distinguish module and import in module-import for externals import's

[Types] Make EnvironmentPlugin default values types less strict

[Types] Typescript 5.6 compatibility

New Features

Add new optimization.avoidEntryIife option (true by default for the production mode)

Pass output.hash* options to loader context

Performance

Avoid unneeded re-visit in build chunk graph

v5.94.0

Bug Fixes

Added runtime condition for harmony reexport checked

Handle properly data/http/https protocols in source maps

Make bigint optimistic when browserslist not found

Move @types/eslint-scope to dev deps

Related in asset stats is now always an array when no related found

Handle ASI for export declarations

Mangle destruction incorrect with export named default properly

Fixed unexpected asi generation with sequence expression

Fixed a lot of types

New Features

Added new external type "module-import"

Support webpackIgnore for new URL() construction

[CSS] @import pathinfo support

Security

Fixed DOM clobbering in auto public path

v5.93.0

Bug Fixes

Generate correct relative path to runtime chunks

Makes DefinePlugin quieter under default log level

Fixed mangle destructuring default in namespace import

... (truncated)

Commits

e20fd63 chore(release): 5.95.0
4866b0d feat: added new optimization.entryIife option
d90f692 fix: merge duplicate chunks after split chunks
90dec30 fix(externals): distinguish “module” and “import” in “module-import”
c1a0a46 fix(externals): distinguish “module” and “import” in “module-import”
14d8fa8 fix: all tests cases
dae16ad feat: pass output.hash* options to loader context
75d185d feat: pass output.hash* options to loader context
46e0b9c test: update
8e62f9f test
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LabConnect-RCOS/LabConnect-Frontend/network/alerts).

LabConnect-RCOS / LabConnect-Frontend

Bump the npm_and_yarn group with 5 updates #35

v3.1.10

4.0.8

[4.0.8] - 2024-08-22

[4.0.7] - 2024-05-22

[4.0.6] - 2024-05-21

rollup changelog

4.24.0

Features

Pull Requests

4.23.0

Features

Pull Requests

4.22.5

Bug Fixes

Pull Requests

4.22.4

Bug Fixes

v5.95.0

Bug Fixes

New Features

Performance

v5.94.0

Bug Fixes

New Features

Security

v5.93.0

Bug Fixes