Build(deps): bump vite and @angular-devkit/build-angular

dependabot[bot] commented 6 months ago

Bumps vite to 4.5.3 and updates ancestor dependency @angular-devkit/build-angular. These dependencies need to be updated together.

Updates vite from 4.4.7 to 4.5.3

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

4.5.2 (2024-01-19)

fix: fs deny for case insensitive systems (#15653) (eeec23b), closes #15653

4.5.1 (2023-12-04)

fix: backport #15223, proxy html path should be encoded (#15226) (41bb354), closes #15223 #15226

4.5.0 (2023-10-18)

feat: backport mdx as known js source (#14560) (#14670) (45595ef), closes #14560 #14670

feat: scan .marko files (#14669) (ed7bdc5), closes #14669

feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions (#14498) (#14668) (520139c), closes #14498 #14668

4.4.11 (2023-10-05)

revert: "fix: use string manipulation instead of regex to inject esbuild helpers (54e1275), closes #14094

4.4.10 (2023-10-03)

fix: add source map to Web Workers (fix #14216) (#14217) (df6f32f), closes #14216 #14217

fix: handle errors during hasWorkspacePackageJSON function (#14394) (6f6e5de), closes #14394

fix: handle sourcemap correctly when multiple line import exists (#14232) (218861f), closes #14232

fix: if host is specified check whether it is valid (#14013) (b1b816a), closes #14013

fix: include vite/types/* in exports field (#14296) (40e99a1), closes #14296

fix: initWasm options should be optional (#14152) (119c074), closes #14152

fix: restore builtins list (f8b9adb)

fix: use string manipulation instead of regex to inject esbuild helpers (#14094) (128ad8f), closes #14094

fix: ws never connects after restarting server if server.hmr.server is set (#14127) (441642e), closes #14127

fix(analysis): warnings for dynamic imports that use static template literals (#14458) (0c6d289), closes #14458

fix(cli): convert special base (#14283) (d4bc0fb), closes #14283

fix(css): remove pure css chunk sourcemap (#14290) (cd7e033), closes #14290

fix(css): reset render cache on renderStart (#14326) (d334b3d), closes #14326

fix(glob): trigger HMR for glob in a package (#14117) (0f582bf), closes #14117

fix(import-analysis): preserve importedUrls import order (#14465) (269aa43), closes #14465

fix(manifest): preserve pure css chunk assets (#14297) (3d63ae6), closes #14297

... (truncated)

Commits

aac695e release: v4.5.3
96a7f3a fix: fs.deny with globs with directories (#16250)
d0360c1 release: v4.5.2
eeec23b fix: fs deny for case insensitive systems (#15653)
c075115 release: v4.5.1
41bb354 fix: backport #15223, proxy html path should be encoded (#15226)
055d2b8 release: v4.5.0
ed7bdc5 feat: scan .marko files (#14669)
45595ef feat: backport mdx as known js source (#14560) (#14670)
520139c feat(ssr): backport ssr.resolve.conditions and ssr.resolve.externalConditions...
Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 16.2.10 to 16.2.14

Release notes

Sourced from @angular-devkit/build-angular's releases.

v16.2.14

16.2.14 (2024-04-11)

@angular-devkit/build-angular

Commit Description

update vite to 4.5.3

v16.2.13

16.2.13 (2024-03-25)

@angular-devkit/build-angular

Commit Description

update webpack-dev-middleware to 6.1.2

v16.2.12

16.2.12 (2024-01-24)

@angular-devkit/build-angular

Commit Description

update dependency vite to v4.5.2

v16.2.11

16.2.11 (2023-12-21)

Commit	Description
	update vite to `4.5.3`

Commit	Description
	`update webpack-dev-middleware` to `6.1.2`

Commit	Description
	update dependency vite to v4.5.2

Changelog

Sourced from @angular-devkit/build-angular's changelog.

16.2.14 (2024-04-11)

@angular-devkit/build-angular

Commit Type Description

1068c3c73 fix update vite to 4.5.3

18.0.0-next.2 (2024-04-03)

@schematics/angular

Commit Type Description

725883713 feat use eventCoalescing option by default (standalone bootstrap)

508d97da7 feat use ngZoneEventCoalescing option by default (module bootstrap)

157329384 fix add spaces around eventCoalescing option

17.3.3 (2024-04-02)

@schematics/angular

Commit Type Description

a673baf5c fix Revert "fix(@schematics/angular): rename SSR port env variable"

18.0.0-next.1 (2024-03-28)

@schematics/angular

Commit Type Description

6530aa11b feat replace assets with public directory

950a44521 fix rename SSR port env variable

@angular-devkit/build-angular

| Commit | Type | Description |

Commit	Type	Description
1068c3c73	fix	update vite to `4.5.3`

Commit	Type	Description
725883713	feat	use eventCoalescing option by default (standalone bootstrap)
508d97da7	feat	use ngZoneEventCoalescing option by default (module bootstrap)
157329384	fix	add spaces around eventCoalescing option

Commit	Type	Description
a673baf5c	fix	Revert "fix(`@schematics/angular`): rename SSR port env variable"

Commit	Type	Description
6530aa11b	feat	replace `assets` with `public` directory
950a44521	fix	rename SSR port env variable

... (truncated)

Commits

01bd959 release: cut the v16.2.14 release
1068c3c fix(@angular-devkit/build-angular): update vite to 4.5.3
b951c58 release: cut the v16.2.13 release
882fff3 test: update Safari 15 private property E2E for babel changes
bdcc5a1 test: disable failing test
6b8722d build: update ng-dev config to work with Node.js 18.19
5ad507e fix(@angular-devkit/build-angular): update webpack-dev-middleware to 6.1.2
50a46c6 test: update webpack tests filenames and size checks to pass with latest webpack
c306f73 release: cut the v16.2.12 release
5fad401 fix(@angular-devkit/build-angular): update dependency vite to v4.5.2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dlr-eoc/ukis-frontend-libraries/network/alerts).

socket-security[bot] commented 6 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@angular-devkit/build-angular@16.2.14	environment, filesystem, network, shell, unsafe Transitive: eval	`+202`	46 MB	google-wombot

🚮 Removed packages: npm/@angular-devkit/build-angular@16.2.10

View full report↗︎

socket-security[bot] commented 6 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/fsevents@1.2.13	Install script: install Source: `node install.js`	`package-lock.json` `projects/core-ui/package.json`

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/fsevents@1.2.13

dependabot[bot] commented 5 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dlr-eoc / ukis-frontend-libraries