chore(deps): bump the npm_and_yarn group with 2 updates

[dependabot[bot]]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the npm_and_yarn group with 2 updates: vite and tar.

Updates vite from 5.0.2 to 5.0.13

Changelog

Sourced from vite's changelog.

5.0.13 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (d2db33f), closes #16250

5.0.12 (2024-01-19)

• fix: await configResolved hooks of worker plugins (#15597) (#15605) (ef89f80), closes #15597 #15605
• fix: fs deny for case insensitive systems (#15653) (91641c4), closes #15653

5.0.11 (2024-01-05)

• fix: don't pretransform classic script links (#15361) (19e3c9a), closes #15361
• fix: inject __vite__mapDeps code before sourcemap file comment (#15483) (d2aa096), closes #15483
• fix(assets): avoid splitting , inside base64 value of srcset attribute (#15422) (8de7bd2), closes #15422
• fix(html): handle offset magic-string slice error (#15435) (5ea9edb), closes #15435
• chore(deps): update dependency strip-literal to v2 (#15475) (49d21fe), closes #15475
• chore(deps): update tj-actions/changed-files action to v41 (#15476) (2a540ee), closes #15476

5.0.10 (2023-12-15)

• fix: omit protocol does not require pre-transform (#15355) (d9ae1b2), closes #15355
• fix(build): use base64 for inline SVG if it contains both single and double quotes (#15271) (1bbff16), closes #15271

5.0.9 (2023-12-14)

• fix: htmlFallbackMiddleware for favicon (#15301) (c902545), closes #15301
• fix: more stable hash calculation for depsOptimize (#15337) (2b39fe6), closes #15337
• fix(scanner): catch all external files for glob imports (#15286) (129d0d0), closes #15286
• fix(server): avoid chokidar throttling on startup (#15347) (56a5740), closes #15347
• fix(worker): replace import.meta correctly for IIFE worker (#15321) (08d093c), closes #15321
• feat: log re-optimization reasons (#15339) (b1a6c84), closes #15339
• chore: temporary typo (#15329) (7b71854), closes #15329
• perf: avoid computing paths on each request (#15318) (0506812), closes #15318
• perf: temporary hack to avoid fs checks for /@​react-refresh (#15299) (b1d6211), closes #15299

5.0.8 (2023-12-12)

• perf: cached fs utils (#15279) (c9b61c4), closes #15279
• fix: missing warmupRequest in transformIndexHtml (#15303) (103820f), closes #15303
• fix: public files map will be updated on add/unlink in windows (#15317) (921ca41), closes #15317

... (truncated)

Commits

• 80b1b07 release: v5.0.13
• d2db33f fix: fs.deny with globs with directories (#16250)
• ee81e19 release: v5.0.12
• 91641c4 fix: fs deny for case insensitive systems (#15653)
• ef89f80 fix: await configResolved hooks of worker plugins (#15597) (#15605)
• b44c493 release: v5.0.11
• d2aa096 fix: inject __vite__mapDeps code before sourcemap file comment (#15483)
• 2a540ee chore(deps): update tj-actions/changed-files action to v41 (#15476)
• 5ea9edb fix(html): handle offset magic-string slice error (#15435)
• 49d21fe chore(deps): update dependency strip-literal to v2 (#15475)
• Additional commits viewable in compare view

Updates tar from 6.2.0 to 6.2.1

Commits

• bef7b1e 6.2.1
• fe8cd57 prevent extraction in excessively deep subfolders
• fe7ebfd remove security.md
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/janbiasi/rollup-plugin-sbom/network/alerts).

[dependabot[bot]]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml