chore(deps-dev): bump the build group with 2 updates

[dependabot[bot]]

Bumps the build group with 2 updates: turbo and vite.

Updates turbo from 2.0.6 to 2.0.9

Release notes

Sourced from turbo's releases.

Turborepo v2.0.9

What's Changed

Examples

• feat(examples): bump turbo for svelte by @​tknickman in vercel/turbo#8796

Changelog

• feature(turborepo): fancy package.json errors by @​NicholasLYang in vercel/turbo#8299
• feat(turborepo): turbo ls with filter by @​NicholasLYang in vercel/turbo#8779

Full Changelog: https://github.com/vercel/turbo/compare/v2.0.8...v2.0.9

Turborepo v2.0.8

What's Changed

Examples

• Update basic example. by @​anthonyshew in vercel/turbo#8784

Changelog

• chore(turborepo): refine package.json parse error by @​NicholasLYang in vercel/turbo#8753
• feat(turbo): add VERCEL to pass through by @​tknickman in vercel/turbo#8794

Full Changelog: https://github.com/vercel/turbo/compare/v2.0.7...v2.0.8

Turborepo v2.0.7

What's Changed

Examples

• Fix lockfile in kitchen-sink. by @​anthonyshew in vercel/turbo#8666
• fix(examples): correct next.config extension in tsconfig by @​moolcoov in vercel/turbo#8638
• feat(examples): add with-nestjs example by @​Neosoulink in vercel/turbo#8162

Changelog

• (refactor)ui: Refactoring/simplifying TUI state by @​anthonyshew in vercel/turbo#8650
• fix: add more windows vars to default pass through env by @​chris-olszewski in vercel/turbo#8615
• Add Docker to default passthroughs list. by @​anthonyshew in vercel/turbo#8690
• Add VSCode's debugger variables to default passthroughs. by @​anthonyshew in vercel/turbo#8689
• update env_wildcards for SvelteKit by @​jacksteamdev in vercel/turbo#8685
• fix constant width for checkmark by @​dimitropoulos in vercel/turbo#8702
• fix(ui): respect --output-logs and outputLogs for persisting logs after TUI exits by @​chris-olszewski in vercel/turbo#8612
• fix(ui): only start ui if there are tasks to run by @​chris-olszewski in vercel/turbo#8703
• chore(ui): add tracing to all tui operations by @​chris-olszewski in vercel/turbo#8704
• adds CLI flag for controlling tui/stream by @​dimitropoulos in vercel/turbo#8714
• feat: allow opting out of required package manager by @​chris-olszewski in vercel/turbo#8738
• upgrade deps to avoid conflict with next.js by @​sokra in vercel/turbo#8750
• refactor(turborepo): derive Opts from Config by @​NicholasLYang in vercel/turbo#8759

New Contributors

... (truncated)

Commits

• ea74070 publish 2.0.9 to registry
• f00b73d feat(examples): bump turbo for svelte (#8796)
• 925ed6f feat(turborepo): turbo ls with filter (#8779)
• 5a68e3a feature(turborepo): fancy package.json errors (#8299)
• b51e9e4 release(turborepo): 2.0.8 (#8795)
• 3c2991c feat(turbo): add VERCEL to pass through (#8794)
• 332589a fix watcher bug with file creation (#8785)
• c5ae6fb chore(ci): JS tests don't need to setup rust and capnproto (#8787)
• 8de0996 chore(ci): rm unused input to custom action (#8789)
• f9bf670 chore(ci): run JS package tests on node 18 (#8730)
• Additional commits viewable in compare view

Updates vite from 5.3.3 to 5.3.4

Changelog

Sourced from vite's changelog.

5.3.4 (2024-07-16)

• fix: update Terser type definitions (fix #17668) (#17669) (b723a75), closes #17668 #17669
• fix(build): skip preload treeshaking for nested braces (#17687) (4be96b4), closes #17687
• fix(css): include .css?url in assets field of manifest (#17623) (1465b20), closes #17623
• fix(worker): nested inlined worker always fallbacked to data URI worker instead of using blob worker (07bc489), closes #17509
• refactor: replace includes with logical operations (#17620) (c4a2227), closes #17620
• chore: add callback to http-proxy.d.ts jsdoc (#17646) (d8a5d70), closes #17646

Commits

• 4e57a97 release: v5.3.4
• 1465b20 fix(css): include .css?url in assets field of manifest (#17623)
• c4a2227 refactor: replace includes with logical operations (#17620)
• d8a5d70 chore: add callback to http-proxy.d.ts jsdoc (#17646)
• 4be96b4 fix(build): skip preload treeshaking for nested braces (#17687)
• b723a75 fix: update Terser type definitions (fix #17668) (#17669)
• 07bc489 fix(worker): nested inlined worker always fallbacked to data URI worker inste...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[socket-security[bot]]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

View full report↗︎

[socket-security[bot]]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/p-try@2.2.0, npm/path-exists@4.0.0, npm/path-type@4.0.0, npm/picomatch@2.3.1, npm/pify@4.0.1, npm/proto-list@1.2.4, npm/pseudomap@1.0.2, npm/queue-microtask@1.2.3, npm/reusify@1.0.4, npm/shebang-regex@1.0.0, npm/signal-exit@3.0.7, npm/slash@3.0.0, npm/sprintf-js@1.0.3, npm/strip-bom@3.0.0, npm/strip-json-comments@2.0.1, npm/undici-types@5.26.5, npm/universalify@0.1.2, npm/yallist@2.1.2

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

[lishaduck]

@SocketSecurity ignore-all