Bump the npm_and_yarn group across 2 directories with 9 updates

[dependabot[bot]]

Bumps the npm_and_yarn group with 4 updates in the / directory: vite, ejs, undici and webpack-dev-middleware. Bumps the npm_and_yarn group with 5 updates in the /e2e directory:

Package	From	To
semver	7.5.4	7.6.2
@cypress/request	2.88.12	3.0.1
@badeball/cypress-cucumber-preprocessor	15.1.3	20.0.5
cypress	12.0.0	13.11.0
word-wrap	1.2.3	1.2.5

Updates vite from 4.5.2 to 4.5.3

Changelog

Sourced from vite's changelog.

4.5.3 (2024-03-24)

• fix: fs.deny with globs with directories (#16250) (96a7f3a), closes #16250

Commits

• aac695e release: v4.5.3
• 96a7f3a fix: fs.deny with globs with directories (#16250)
• See full diff in compare view

Updates ejs from 3.1.8 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates undici from 5.28.3 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

:warning: Security Release :warning:

• Fixes https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
• Fixes https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4

Commits

• fb98306 Bumped v5.28.4
• 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
• 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
• 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
• 0e9d54b skip failing test due to Node.js changes
• See full diff in compare view

Updates webpack-dev-middleware from 5.3.3 to 5.3.4

Release notes

Sourced from webpack-dev-middleware's releases.

v5.3.4

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Changelog

Sourced from webpack-dev-middleware's changelog.

5.3.4 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1779) (189c4ac)

Commits

• 86071ea chore(release): 5.3.4
• 189c4ac fix(security): do not allow to read files above (#1779)
• See full diff in compare view

Updates semver from 7.5.4 to 7.6.2

Release notes

Sourced from semver's releases.

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v7.6.0

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])

... (truncated)

Changelog

Sourced from semver's changelog.

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #696 add benchmarks (#696) (@​H4ad)
• 692451b #688 various improvements to README (#688) (@​mbtools)
• 5feeb7f #705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

7.6.0 (2024-01-31)

Features

• a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #658 add clean() test for build metadata (#658) (@​jethrodaniel)
• 6240d75 #656 add missing quotes in README.md (#656) (@​zyxkad)
• 14d263f #625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• cce6180 #598 postinstall for dependabot template-oss PR (@​lukekarrys)
• b914a3d #598 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])

Commits

• eb1380b chore: release 7.6.2 (#714)
• 6466ba9 fix(lru): use map.delete() directly (#713)
• d777418 chore: release 7.6.1 (#706)
• 988a8de deps: uninstall lru-cache (#709)
• 5feeb7f chore: postinstall for dependabot template-oss PR
• dd09b60 chore: bump @​npmcli/template-oss to 4.22.0
• c570a34 fix(linting): no-unused-vars
• ad8ff11 fix: use internal cache implementation
• 3fabe4d deps: remove lru-cache
• ec49cdc chore: chore: chore: postinstall for dependabot template-oss PR
• Additional commits viewable in compare view

Updates @cypress/request from 2.88.12 to 3.0.1

Release notes

Sourced from @​cypress/request's releases.

v3.0.1

3.0.1 (2023-09-06)

Bug Fixes

• deps: peg qs to 6.10.4 (fb9f625)

v3.0.0

3.0.0 (2023-08-08)

Features

• Add allowInsecureRedirect option (c5bcf21)

BREAKING CHANGES

• The allowInsecureRedirect is false by default, which may cause issues if your usage relies on insecure redirects. For the former behavior, you can opt in to insecure redirects by setting the option to true, but it is not recommended.

Co-authored-by: Szymon Drosdzol szymon@doyensec.com

Changelog

Sourced from @​cypress/request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

v2.87.0 (2018/05/21)

• #2943 Replace hawk dependency with a local implemenation (#2943) (@​hueniverse)

v2.86.0 (2018/05/15)

• #2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@​ChALkeR)
• #2942 Make Test GREEN Again! (@​simov)
• #2923 Alterations for failing CI tests (@​gareth-robinson)

v2.85.0 (2018/03/12)

• #2880 Revert "Update hawk to 7.0.7 (#2880)" (@​simov)

v2.84.0 (2018/03/12)

• #2793 Fixed calculation of oauth_body_hash, issue #2792 (@​dvishniakov)
• #2880 Update hawk to 7.0.7 (#2880) (@​kornel-kedzierski)

v2.83.0 (2017/09/27)

• #2776 Updating tough-cookie due to security fix. (#2776) (@​karlnorling)

v2.82.0 (2017/09/19)

• #2703 Add Node.js v8 to Travis CI (@​ryysud)
• #2751 Update of hawk and qs to latest version (#2751) (@​Olivier-Moreau)
• #2658 Fixed some text in README.md (#2658) (@​Marketionist)
• #2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@​greenkeeperio-bot)
• #2641 Update README to simplify & update convenience methods (#2641) (@​FredKSchott)
• #2541 Add convenience method for HTTP OPTIONS (#2541) (@​jamesseanwright)
• #2605 Add promise support section to README (#2605) (@​FredKSchott)
• #2579 refactor(lint): replace eslint with standard (#2579) (@​ahmadnassri)
• #2598 Update codecov to version 2.0.2 🚀 (@​greenkeeperio-bot)
• #2590 Adds test-timing keepAlive test (@​nicjansma)
• #2589 fix tabulation on request example README.MD (@​odykyi)
• #2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@​ahmadnassri)

v2.81.0 (2017/03/09)

• #2584 Security issue: Upgrade qs to version 6.4.0 (@​sergejmueller)
• #2578 safe-buffer doesn't zero-fill by default, its just a polyfill. (#2578) (@​mikeal)
• #2566 Timings: Tracks 'lookup', adds 'wait' time, fixes connection re-use (#2566) (@​nicjansma)
• #2574 Migrating to safe-buffer for improved security. (@​mikeal)
• #2573 fixes #2572 (@​ahmadnassri)

v2.80.0 (2017/03/04)

... (truncated)

Commits

• ca62f3a Merge pull request #44 from MikeMcC399/peg/qs
• fb9f625 fix(deps): peg qs to 6.10.4
• 99338c8 chore: updates related to release process (#41)
• c5bcf21 feat: Add allowInsecureRedirect option
• See full diff in compare view

Updates @badeball/cypress-cucumber-preprocessor from 15.1.3 to 20.0.5

Release notes

Sourced from @​badeball/cypress-cucumber-preprocessor's releases.

v20.0.5

• Updated all dependencies, fixes #1180.

v20.0.4

• Fix type signature of defineParameterType to correctly reflect transformer property's optionality, fixes #1179.

v20.0.3

• Handle browser / page crash gracefully, fixes #1172.

v20.0.2

• Add support for skipped / pending scenario hooks, fixes #1159.

• Add support for suite-level test configuration, fixes #1158.

v20.0.1

• Handle more corner cases related to reload-behavior, fixes #1142.

v20.0.0

Breaking changes:

• The onAfterStep hook, part of the API for adding attachments from the Node environment, is no longer invoked after scenario hooks, IE. After(..) and Before(..).

  • It now more closely mimic the behavior of AfterStep(..), which it was supposed to.

• The above-mentioned onAfterStep hook, is no longer invoked with a wasLastStep property.

  • This is now easily determined by using other properties, as reflected in the docs.

• Messages reports are no longer implicitly enabled and written to disk when enabling JSON or HTML reports, fixes #1140.

Other changes:

• Emit meta information (lib version, node version, os, ci) in meesage reports, fixes #1133.

  • This is in line with how cucumber-js behaves.

• The above-mentioned onAfterStep hook, is now invoked with a bunch of relevant data, relates to #1089.

• Add a tool for merging messages reports, fixes #1137.

  • This is first and foremost created to support merging related reports obtained through parallelization using Cypress Cloud.

v19.2.0

• Add order option to all hooks, fixes #481.

• Add a filterSpecsMixedMode option, fixes #1125.

  • This essentially reverts 0b2702b from v19.1.1 and re-introduces original behavior of discarding non-feature specs by default and introduces an option to control this behavior.

v19.1.1

... (truncated)

Changelog

Sourced from @​badeball/cypress-cucumber-preprocessor's changelog.

v20.0.5

• Updated all dependencies, fixes #1180.

v20.0.4

• Fix type signature of defineParameterType to correctly reflect transformer property's optionality, fixes #1179.

v20.0.3

• Handle browser / page crash gracefully, fixes #1172.

v20.0.2

• Add support for skipped / pending scenario hooks, fixes #1159.

• Add support for suite-level test configuration, fixes #1158.

v20.0.1

• Handle more corner cases related to reload-behavior, fixes #1142.

v20.0.0

Breaking changes:

• The onAfterStep hook, part of the API for adding attachments from the Node environment, is no longer invoked after scenario hooks, IE. After(..) and Before(..).

  • It now more closely mimic the behavior of AfterStep(..), which it was supposed to.

• The above-mentioned onAfterStep hook, is no longer invoked with a wasLastStep property.

  • This is now easily determined by using other properties, as reflected in the docs.

• Messages reports are no longer implicitly enabled and written to disk when enabling JSON or HTML reports, fixes #1140.

Other changes:

• Emit meta information (lib version, node version, os, ci) in meesage reports, fixes #1133.

  • This is in line with how cucumber-js behaves.

• The above-mentioned onAfterStep hook, is now invoked with a bunch of relevant data, relates to #1089.

• Add a tool for merging messages reports, fixes #1137.

  • This is first and foremost created to support merging related reports obtained through parallelization using Cypress Cloud.

v19.2.0

... (truncated)

Commits

• 0173e4f v20.0.5
• 9759458 Ensure clean install before publishing
• f4f161f Use @testing-library/dom to test HTML reports
• 531839b Update* all dependencies, including @cucumber/messages
• a135df3 Add a script for testing actions locally
• 38e6aa1 v20.0.4
• 7ef825b Make transformer of defineParameterType optional
• 055d8df v20.0.3
• 622a280 Handle browser / page crash gracefully
• 145dde3 v20.0.2
• Additional commits viewable in compare view

Updates cypress from 12.0.0 to 13.11.0

Release notes

Sourced from cypress's releases.

v13.11.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-11-0

v13.10.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-10-0

v13.9.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-9-0

v13.8.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-1

v13.8.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-8-0

v13.7.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-3

v13.7.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-2

v13.7.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-1

v13.7.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-7-0

v13.6.6

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-6

v13.6.5

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-5

v13.6.4

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-4

v13.6.3

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-3

v13.6.2

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-2

v13.6.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-1

v13.6.0

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-0

v13.5.1

Changelog: https://docs.cypress.io/guides/references/changelog#13-5-1

... (truncated)

Commits

• 09c6876 chore: release 13.11.0 (#29615)
• e790891 feat: add option to ignore chrome preferences (#29447)
• 4ccdd86 misc: Add generic types to net-stubbing for use in intercept and wait (#29508)
• 687eb60 fix: Launchpad perpetual loading state, in certain circumstances (#29597)
• f2894c4 perf: optimize reduce in wrapConsoleProps (#29501)
• 41faa7e chore: Update Chrome (stable) to 125.0.6422.141 and Chrome (beta) to 126.0.64...
• ea83415 chore: move questions-remain into cypress repo (#29542)
• e6b422c chore: release @​cypress/webpack-dev-server-v3.9.0
• cf6b29d feat: support Next.JS version 14 (#29558)
• 2cf5cf8 chore(deps): Security upgrade micromatch from 4.0.4 to 4.0.6 (#29559)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by atofstryker, a new releaser for cypress since your current version.

Updates word-wrap from 1.2.3 to 1.2.5

Release notes

Sourced from word-wrap's releases.

1.2.5

Changes:

Reverts default value for options.indent to two spaces ' '.

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5

1.2.4

What's Changed

• Remove default indent by @​mohd-akram in jonschlinkert/word-wrap#24
• 🔒fix: CVE 2023 26115 (2) by @​OlafConijn in jonschlinkert/word-wrap#41
• :lock: fix: CVE-2023-26115 by @​aashutoshrathi in jonschlinkert/word-wrap#33
• chore: publish workflow by @​OlafConijn in jonschlinkert/word-wrap#42

New Contributors

• @​mohd-akram made their first contribution in jonschlinkert/word-wrap#24
• @​OlafConijn made their first contribution in jonschlinkert/word-wrap#41
• @​aashutoshrathi made their first contribution in jonschlinkert/word-wrap#33

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4

Commits

• 207044e 1.2.5
• 9894315 revert default indent
• f64b188 run verb to generate README
• 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
• 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
• bfa694e Update .github/workflows/publish.yml
• ace0b3c chore: bump version to 1.2.4
• 6fd7275 chore: add publish workflow
• 30d6daf chore: fix test
• 655929c chore: remove package-lock
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/swisstopo/swissgeol-assets-suite/network/alerts).

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.